No Firewall between VCSA and Serengeti. Both would need to go through the proxy to reach the internet. So currently I'm wondering why they try to go to the internet at this point?!
I have configured the proxy for VCSA.
I must admit that I changed the hostname of VCSA in an early stage and I have not been able to regenerate all certificates to match the right FQDN. See vCSA SSL Certificate regeneration not working
At this point I assume that the problem might come from the broken certificate chain? Could this be possible - I mean are certificates being validated for the communication between VCSA and BDE/Serengeti? Or should the communication between VCSA and BDE/Serengeti also work if certificates won't match the right FQDN hostname?