Reason Error During Ssl Handshake With Remote Server
Contents |
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow ssl handshake with remote server failed the company Business Learn more about hiring developers or posting ads with us Stack Overflow (502)unknown error 502: proxy: pass request body failed to Questions Jobs Documentation Tags Users Badges Ask Question x Dismiss Join the Stack Overflow Community Stack Overflow is a community of 6.2
Ah00898: Error During Ssl Handshake With Remote Server Returned By
million programmers, just like you, helping each other. Join them; it only takes a minute: Sign up Error during SSL Handshake with remote server up vote 41 down vote favorite 13 I have Apache2 (listening on
Sslproxyverify
443) and a web app running on Tomcat7 (listening on 8443) on Ubuntu. I set apache2 as reverse proxy so that I access the web app through port 443 instead of 8443. Besides, I need to have SSL communication not only between browser and apache2 but also between apache2 and tomcat7, thus I set SSL on both apache2 and tomcat7. If I try to access the web app by directly contacting tomcat7, sslproxycheckpeername everything is fine. The problem is that when I try to access the tomcat's web app through apache2 (reverse proxy), on the browser appears the error: Proxy Error The proxy server could not handle the request GET /web_app. Reason: Error during SSL Handshake with remote server apache tomcat ssl reverse-proxy share|improve this question edited Sep 18 '13 at 13:19 Qben 1,79821221 asked Sep 18 '13 at 12:37 user2791481 306144 Apache does not truest the certificate you have installed on the tomcat. Is it a self-signed cert? Or is it made by an in-house CA? –MK. Sep 18 '13 at 12:55 1 It is self signed with this command: openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt –user2791481 Sep 18 '13 at 12:58 1 serverfault.com/questions/356678/… I think this is what you want: SSLProxyVerify none SSLProxyCheckPeerCN off –MK. Sep 18 '13 at 13:03 7 Better to set SSLProxyCACertificateFile to your private CA certicate, instead of just turning off verification. –nathan.f77 Jan 9 '14 at 0:22 add a comment| 1 Answer 1 active oldest votes up vote 85 down vote The comment by MK pointed me in the right direction. In the case of Apache 2.4 and up, there are different defaults and a new directive. I am running Apache
Favorite Rating: "Server Error!" - "Error during SSL handshake with remote server"This document (7017010) is provided subject to the disclaimer at
Ah00898: Error Reading From Remote Server Returned By
the end of this document. Environment NetIQ Access Manager 4.1Access Manager ah01097: pass request body failed to 4.0.1 upgraded to Access Manager 4.1.1Cloud Manager 2.3 upgraded to Cloud Manager 2.4 Situation Access Manager sslproxycheckpeercn setup with Access Gateway accelerating the Cloud Manager servers. Everything has been working fine for a year, when it was decided to upgrade both the Access Manager http://stackoverflow.com/questions/18872482/error-during-ssl-handshake-with-remote-server and Cloud Manager servers. As soon as this happens, users get the following error accessing the service:Server Error!Error message: The proxy could not handle the request GET /.Reason: Error during SSL handshake with remote serverAll other back end servers (HTTP and HTTPS) worked fine.Enabling debug logging on the Apache proxy showed the following details:Nov https://www.netiq.com/support/kb/doc.php?id=7017010 19 16:09:13 mysso httpd[8744]: [debug] ssl_engine_kernel.c(1911): OpenSSL: Loop: SSLv3 read server hello ANov 19 16:09:13 mysso httpd[8744]: [debug] ssl_engine_kernel.c(1333): Certificate Verification: depth: 2, subject: /O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048), issuer: /O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)Nov 19 16:09:13 mysso httpd[8744]: [debug] ssl_engine_kernel.c(1333): Certificate Verification: depth: 1, subject: /C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C, issuer: /O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)Nov 19 16:09:13 mysso httpd[8744]: [debug] ssl_engine_kernel.c(1333): Certificate Verification: depth: 0, subject: /C=IE/L=Dublin/O=Novell Inc/CN=*.novell.com, issuer: /C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1CNov 19 16:09:13 mysso httpd[8744]: [debug] ssl_engine_kernel.c(1911): OpenSSL: Loop: SSLv3 read server certificate ANov 19 16:09:13 mysso httpd[8744]: [debug] ssl_engine_kernel.c(1940): OpenSSL: Exit: error in SSLv3 read server key exchange BNov 19 16:09:13 mysso httpd[8744]: [debug] ssl_engine_kernel.c(1940): OpenSSL: Exit: error in SSLv3 read server key exchange BNov 19 16:09:1
Favorite Rating: "Server Error!" - https://www.novell.com/support/kb/doc.php?id=7017010 "Error during SSL handshake with remote server"This document (7017010) is provided subject to the disclaimer at the end of this document. Environment NetIQ Access Manager 4.1Access Manager 4.0.1 upgraded to Access Manager 4.1.1Cloud Manager 2.3 upgraded to Cloud Manager 2.4 Situation Access Manager setup with Access remote server Gateway accelerating the Cloud Manager servers. Everything has been working fine for a year, when it was decided to upgrade both the Access Manager and Cloud Manager servers. As soon as this happens, users get the following error accessing the service:Server Error!Error message: The proxy ssl handshake with could not handle the request GET /.Reason: Error during SSL handshake with remote serverAll other back end servers (HTTP and HTTPS) worked fine.Enabling debug logging on the Apache proxy showed the following details:Nov 19 16:09:13 mysso httpd[8744]: [debug] ssl_engine_kernel.c(1911): OpenSSL: Loop: SSLv3 read server hello ANov 19 16:09:13 mysso httpd[8744]: [debug] ssl_engine_kernel.c(1333): Certificate Verification: depth: 2, subject: /O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048), issuer: /O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)Nov 19 16:09:13 mysso httpd[8744]: [debug] ssl_engine_kernel.c(1333): Certificate Verification: depth: 1, subject: /C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C, issuer: /O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)Nov 19 16:09:13 mysso httpd[8744]: [debug] ssl_engine_kernel.c(1333): Certificate Verification: depth: 0, subject: /C=IE/L=Dublin/O=Novell Inc/CN=*.novell.com, issuer: /C=US/O=Entrust, Inc./OU=w