This guide helps you resolve network connectivity issues, including proxy configuration and SSL/TLS certificate problems.

Proxy

The AskUI Shell has built-in proxy autodetection. This is the recommended approach for handling proxy connections:

Recommended: Proxy Autodetection (AskUI Shell)

The AskUI Shell will automatically detect and configure the proxy settings for you. In the background, the AskUI Shell:
  1. Starts the local proxy
  2. Sets HTTP_PROXY environment variables

Alternative Options

If the automatic proxy detection doesn’t work for your setup, you can use these fallback options:

Manual Proxy Configuration

Use the AskUI Shell command to manually set proxy settings:
AskUI-SetSettings -HttpProxy <proxy> -HttpsProxy <proxy>

Start Local Proxy Manually

For advanced users who need full control over proxy configuration, you can start the local proxy manually. See the PxProxy documentation for detailed instructions.

Deep Package Inspection

Company proxies, like Zscalar, use deep package inspection to analyze the network traffic. Such proxies are adding self-signed certificates to the HTTPS request to break up the TLS connection. This can result in the following error messages:
 RequestError: self signed certificate
or
 RequestError: unable to verify the first certificate
You can add a self-signed certificate as extra CA Certs to solve this problem as detailed in the next section. The following step-by-step instructions will show you how to add the correct certificate as extra CA Certs.
  1. Open the certificate viewer in your browser. Chrome: Depending on your operating system there is a Lock-icon left of your browser bar that opens the certificate viewer directly or another icon that opens a Site Information menu where you have to select Connection is Secure -> Certificate is Valid Firefox: Click the Lock-icon left of your browser bar. click on Connection Secure -> More Information. Select the tab Security. Click View Certificate.
  2. Chrome: Open the Details tab. Firefox: Select the GTS Root R1 certificate.
  3. Chrome: Select the Certificate GTS Root R1 and click Export… on the bottom right. Firefox: Under Miscellaneous, you can download the certificate.
  4. Save it somewhere you can find it.
Windows Chrome: Download the certificate in the three steps marked inside the picture above.
macOS/Unix Chrome: Open the certificate viewer step 1.
macOS/Unix Chrome: Open the certificate viewer step 2.
macOS/Unix Chrome: Open the certificate viewer step 3.
Use AskUI-SetSettings -ServerIdentityCertificate reference to load the certificate into the necessary places of your system. Additional information:

Firewall Configuration

If AskUI is blocked by your firewall, ensure the required domains are whitelisted. See the network requirements in our Installation guide for the complete list of domains that need to be accessible.

Next Steps