Description
We are currently trying to set up Global Secure Access in an environment where the connection of the Entra ID private connector must be made via a proxy.
We've configured the proxy via the script and the connector registered correctly with the tenant. As the service was running, the connector was also active in the tenant.
Next we configured private access and attempted a connection to an internal resource, which failed.
The connector logs now showed:
2025-07-18T13:35:27.6861400+02:00 2: RustSslCertificateValidator: Failed to validate chain of certificate with subject: CN=*.msappproxy.net, O=Microsoft Corporation, L=Redmond, S=WA, C=US thumbprint: (5B930B180B490C350562FF2FBF29932F70A032C4) issuer: CN=Microsoft Azure RSA TLS Issuing CA 04, O=Microsoft Corporation, C=US.
MicrosoftEntraPrivateNetworkConnectorService.exe Information: 0 : 2025-07-18T13:35:27.6861400+02:00 3: RustSslCertificateValidator: Finished in 00:00:00.0098016
MicrosoftEntraPrivateNetworkConnectorService.exe Error: 0 : [Rust] 2025-07-18T11:35:27.686723Z run_grpc_tunnel: Initializing the tunnel failed with [InvalidProxyCertificate] InvalidChain tunnel_id=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
It seems that the connector attempts to perform CRL checks for the certificate of the cloud endpoint it connects to but does NOT use the configured proxy for this.
The issue was solved when we additionally configured the system proxy via netsh winhttp.
To me it seems like kind of a bug that the Entra ID private connector does not honor the configured proxy server in the application when performing CRL checks.
Version of the Private Connector: 1.5.4364.0
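
A diagnostic sketch for the situation reported above, added here as an example and not taken from the issue or from the connector project: it shows the machine-wide WinHTTP proxy, reads the CRL distribution points from the certificate named in the log, and tries each one with and without a proxy. The certificate file name and the proxy address are assumptions (placeholders), as is the helper name `Test-CrlFetch`.

```powershell
# Added diagnostic sketch. Assumptions: $CertPath is a .cer export of the
# certificate named in the connector log; $ProxyUri is a placeholder address.
param(
    [string]$CertPath = '.\endpoint.cer',
    [string]$ProxyUri = 'http://proxy.example.internal:8080'
)

# 1. Machine-wide WinHTTP proxy, the setting the report changed with netsh.
netsh winhttp show proxy

# 2. Read the CRL distribution point URLs (OID 2.5.29.31) from the certificate.
$file = (Resolve-Path $CertPath).Path
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file)
$cdp  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if (-not $cdp) { Write-Warning 'Certificate has no CRL distribution point.'; return }
$urls = [regex]::Matches($cdp.Format($true), 'https?://[^\s()]+') |
    ForEach-Object { $_.Value } | Select-Object -Unique

# 3. Try each CRL URL once without a proxy and once through the proxy.
function Test-CrlFetch([string]$Url, [System.Net.IWebProxy]$Proxy) {
    $req = [System.Net.WebRequest]::Create($Url)
    $req.Proxy   = $Proxy
    $req.Timeout = 10000   # milliseconds
    try {
        $resp = $req.GetResponse()
        $code = [int]$resp.StatusCode
        $resp.Close()
        "HTTP $code"
    } catch {
        "FAILED: $($_.Exception.Message)"
    }
}
$direct  = New-Object System.Net.WebProxy            # empty WebProxy = no proxy
$proxied = New-Object System.Net.WebProxy($ProxyUri)
foreach ($u in $urls) {
    [pscustomobject]@{
        CrlUrl   = $u
        Direct   = Test-CrlFetch $u $direct
        ViaProxy = Test-CrlFetch $u $proxied
    }
}

# 4. Let the Windows certificate stack build the chain and fetch revocation data.
certutil -verify -urlfetch $file

# Workaround from the report, run elevated (address is a placeholder):
#   netsh winhttp set proxy proxy-server="proxy.example.internal:8080"
```

A `Direct` failure next to a `ViaProxy` success for the same URL is consistent with the behaviour the report describes; the checks run as the logged-on user, so results can differ from what the connector service account sees.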