Support HTTPS managed forward-proxy endpoints
TL;DR
The proxy system now supports HTTPS managed forward-proxy endpoints and introduces `proxy.tls.caFile` for configuring scoped CA trust for proxy TLS connections.
## What changed OpenClaw added support for HTTPS managed forward-proxy endpoints. The release introduces the proxy.tls.caFile setting to configure scoped CA trust for TLS connections through those proxies.
The change targets self-hosted deployments that must route traffic through corporate or managed proxies instead of direct internet access.
## Why it matters Self-hosted agents like OpenClaw often run on VPS instances inside restricted networks. Without proper HTTPS proxy handling, certificate validation fails and blocks browser control or external API calls.
This update lowers the barrier for Vibe Builders who operate behind company firewalls or regional proxy requirements. It shifts the bet toward reliable operation in constrained environments rather than assuming open outbound access.
## How to use it Open the YAML configuration file for your OpenClaw instance. Add or update the proxy.tls.caFile key with the full path to your CA certificate bundle.
Restart the agent through the CLI command documented in the install guide. Test a single outbound browser task to confirm the proxy route succeeds without TLS errors.
## Watch for Successful connection logs without certificate warnings will confirm the change works as intended. Mismatched CA paths or expired certificates will break outbound actions first. Expect a follow-up release that adds proxy authentication headers next.
Harsh’s take
This proxy feature fixes a concrete blocker for anyone running OpenClaw on a VPS that sits behind a managed gateway. The added config step increases setup time and creates a new failure mode when the CA file is missing or wrong.
Solo operators gain stability in restricted networks but lose the previous simplicity of a minimal YAML file. Test the setting on a throwaway instance before pointing your main agent at production tasks.
Update your config and run a scheduled browser check today to verify the route.
by Harsh Desai
About OpenClaw
View the full OpenClaw page →All OpenClaw updatesMore from OpenClaw
- FeatureExpand QA-Lab with runtime parity scenarios
Added comprehensive runtime parity tiers and token-efficiency artifacts to the QA-Lab, including specific checks for Codex-vs-Pi compatibility and tool fixture coverage.
- App UpdateUpdate Node.js requirement and Pi packages
Raised the minimum supported Node.js version to 22.19 and updated Pi packages to version 0.75.1 to ensure compatibility with the latest runtime features.
- App UpdateOptimize Gateway startup and restart latency
Reduced restart ready latency by overlapping startup logging and plugin-service initialization with channel sidecars while maintaining strict readiness gating.