# Set up proxy access for your on-prem agent
A proxy server allows an on-prem agent to operate in an environment with limited internet connectivity.
PKIX PATH BUILDING FAILED ERROR
This error occurs when the agent can't validate the SSL certificate chain for the target service. This can happen if intermediate or root certificates are missing, if SSL inspection tools replace or modify certificates, or if a proxy or firewall intercepts the connection between the OPA host and the service.
Refer to PKIX path building failed error for more information.
To define proxy settings for your agent, create a proxy section in your configuration file with the following parameters and modify your agent's activation command:
| Config file definition | Description | Activation command parameter |
|---|---|---|
host | The IP address of the host. | --proxy-host=<host-ip-address> |
port | The port number the proxy uses. | --proxy-port=<port-number> |
username | Optional. Defines a username for the connection. | --proxy-username=<username> |
password | Optional. Defines a password for the connection. | --proxy-password=<password> |
Run the activate script with --help parameter to display the full list of accepted parameters.
SET UP A SECURE TUNNEL
Ensure your proxy server allows CONNECT requests to the Workato gateways sg3.workato.com and sg4.workato.com if you plan to establish a secure tunnel.
# Example configuration
The following config.yml section defines a password-protected proxy connection:
proxy:
host: 192.168.1.1
port: 8080
username: proxy_user
password: proxy_password
database: ...
jms: ...
The following command activates the agent and connects it to the password-protected proxy:
bin\activate.cmd --code={activation-code} --proxy-host=192.168.1.1 --proxy-port=8080 --proxy-username=proxy_user --proxy-password=proxy_password
Last updated: 11/14/2025, 4:09:17 PM