Submit Feedback
Legacy Knowledge Base
Published Jun. 30, 2025

Accessing HTTPS services through VPN Connection

Written By

Daniel Carrillo Broeder

How To articles are not official guidelines or officially supporteddocumentation. They are community-contributed content and may not alwaysreflect the latest updates to Liferay DXP. We welcome your feedback toimprove How to articles!

While we make every effort to ensure this Knowledge Base is accurate, itmay not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with anyfeedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack"publication program, made available for informational purposes. Articlesin this program were published without a requirement for independentediting or verification and are provided "as is" withoutguarantee.

Before using any information from this article, independently verify itssuitability for your situation and project.

Issue

  • Multiple security/certificate/host errors can occur when trying to access an internal HTTPS service through a SaaS/PaaS VPN connection.

Environment

  • Liferay PaaS/SaaS client-to-site VPN connection.
  • Set up port forwarding to a HTTPS service. (e.g. vpn:1000 → 10.10.10.10:443).

Resolution

  • At this moment, the vpn host does not support https as it relies in port forwarding.
  • Fundamentally, the infrastructure requires three elements to establish a VPN connection:
    1. VPN Server: Along with internal services. 
      • E.g., 111.112.113.XYZ:443 (Sample public IP).
    2. VPN Client (Cloud service): Connects to the VPN Server
      • E.g., vpn:1000 → 10.10.10.10:443 Port forwarding
    3. Liferay (Cloud service): Access the VPN service through the vpn:1000 host.
  • Since Liferay has no visibility into the internal network or services of the VPN, all connections to VPN services will be made using the VPN host, which may lead to certificate errors
  • This limitation will not be an issue in some cases, and the connection will be successfully established.
  • However, allowing invalid SSL connections for this host on both client and server sides could help resolve this limitation.
  • If the connection issue persists, an HTTP service may be required.

Additional Information

 

 

Did this article resolve your issue ?
Legacy Knowledge Base
Did this article resolve your issue ?