Support HTTPS managed forward-proxy endpoints
TL;DR
The proxy system now supports HTTPS managed forward-proxy endpoints and introduces `proxy.tls.caFile` for configuring scoped CA trust for proxy TLS connections.
What changed
OpenClaw added support for HTTPS managed forward-proxy endpoints. The release introduces the proxy.tls.caFile setting to configure scoped CA trust for TLS connections through those proxies.
The change targets self-hosted deployments that must route traffic through corporate or managed proxies instead of direct internet access.
Why it matters
Self-hosted agents like OpenClaw often run on VPS instances inside restricted networks. Without proper HTTPS proxy handling, certificate validation fails and blocks browser control or external API calls.
This update lowers the barrier for Vibe Builders who operate behind company firewalls or regional proxy requirements. It shifts the bet toward reliable operation in constrained environments rather than assuming open outbound access.
How to use it
Open the YAML configuration file for your OpenClaw instance. Add or update the proxy.tls.caFile key with the full path to your CA certificate bundle.
Restart the agent through the CLI command documented in the install guide. Test a single outbound browser task to confirm the proxy route succeeds without TLS errors.
Watch for
Successful connection logs without certificate warnings will confirm the change works as intended. Mismatched CA paths or expired certificates will break outbound actions first. Expect a follow-up release that adds proxy authentication headers next.
Who this matters for
- Vibe Builders: Use the new caFile setting to run OpenClaw agents behind corporate firewalls or managed proxies.
- Developers: Configure proxy.tls.caFile in your YAML to handle scoped CA trust for secure, restricted environments.
Harsh’s take
Most AI agents assume a wide open internet connection, which is a fantasy for enterprise or high security deployments. OpenClaw adding HTTPS managed forward-proxy support is a pragmatic move for real world reliability. By allowing scoped CA trust via the caFile setting, they solve the certificate validation failures that typically kill self-hosted agents in restricted networks.
This update signals that OpenClaw is maturing beyond hobbyist VPS setups toward hardened infrastructure. If you are building agents for corporate clients, this is the level of networking control you need. It turns a brittle browser automation tool into a viable internal service that respects existing security protocols.
Expect more tools to follow this path as they realize the cloud-only, open-access model does not scale in the enterprise.
by Harsh Desai
About OpenClaw
View the full OpenClaw page →All OpenClaw updatesGo deeper
More AI news
- FeatureHermes Agent verifies work with completion contracts and evidence ledgers
Hermes Agent records verification evidence for coding tasks. The /goal command uses completion contracts to judge success against test runs rather than model assertions.
- FeatureCursor adds cloud agent management to the Agents window
Cursor sets up cloud development environments in under 10 minutes, spins up isolated cloud subagents using /in-cloud, and hands off sessions between local and cloud.
- FeatureCursor introduces /automate skill for automating repetitive tasks
Cursor's new /automate skill creates automations from plain language. Workflows trigger via Slack emojis or GitHub events while cloud agents access virtual computers.