It could be. We will check that next. SSL does not terminate at the LB. It terminates at the server. Or is supposed to. We don't have access to the LB config, so will have to ask those folks tomorrow. We will check netstat now. thanks On 5/12/15 5:13 PM, "Yann Ylavic" <ylavic.dev@xxxxxxxxx> wrote: >Can't it be that the LB does not let the connection pass through? >If the LB is not an SSL end point, it may block based on the Server >Name Indication (SNI)? >On the httpd side, maybe you could look at the network level if the >connection with the client is established (netstat, tcpdump, ...). > >On Tue, May 12, 2015 at 11:02 PM, Rose, John B <jbrose@xxxxxxx> wrote: >> It is not generating an entry in the Apache log files. Unless we have >> missed it. But we believe have looked thru them thoroughly. >> >> On 5/12/15 4:01 PM, "Yann Ylavic" <ylavic.dev@xxxxxxxxx> wrote: >> >>>Can you see the connection arrive, somehow timeout, and finally be >>>logged on the Apache server? >>> >>>On Tue, May 12, 2015 at 9:53 PM, Rose, John B <jbrose@xxxxxxx> wrote: >>>> Yann >>>> >>>> All efforts appreciated. >>>> >>>> First.abc.com goes thru a load balancer >>>> >>>> http://first.abc.com >>>> >>>> Works fine. >>>> >>>> https://first.abc.com >>>> >>>> does not >>>> >>>> If I understand your question correctly. >>>> >>>> John >>>> >>>> >>>> >>>> On 5/12/15 3:40 PM, "Yann Ylavic" <ylavic.dev@xxxxxxxxx> wrote: >>>> >>>>>Probably a silly question, but, is first.abc.com accessible (dns, >>>>>route, ...) from the client host? >>>>> >>>>>Regards, >>>>>Yann. >>>>> >>>>>On Tue, May 12, 2015 at 9:12 PM, Rose, John B <jbrose@xxxxxxx> wrote: >>>>>> We gave that a try based on your recommendation, but it did not >>>>>>change >>>>>>the >>>>>> result. >>>>>> >>>>>> We are still looking for an answer. >>>>>> >>>>>> Thanks >>>>>> >>>>>> On 5/12/15 12:03 PM, "Jack Swan" <john.swan@xxxxxxxxxx> wrote: >>>>>> >>>>>>> >>>>>>>Occasionally we've had the spinning connecting problem here during >>>>>>>some >>>>>>>of our development. >>>>>>>You might try clearing/deleting any certificates for that particular >>>>>>>host >>>>>>>in Firefox. >>>>>>> >>>>>>>Tools->Options - Advanced. Select View Certificates and >>>>>>>delete/distruct >>>>>>>the certs for that host. >>>>>>> >>>>>>>Maybe that'll work. It did for us. >>>>>>> >>>>>>>----- Original Message ----- >>>>>>>From: jbrose@xxxxxxx >>>>>>>To: users@xxxxxxxxxxxxxxxx >>>>>>>Sent: Tuesday, May 12, 2015 11:47:24 AM GMT -05:00 US/Canada Eastern >>>>>>>Subject: Re: SSL not working for ServerAlias through >>>>>>>load >>>>>>>balancer >>>>>>> >>>>>>>In Firefox we get the spinning "ConnectingŠ" indicator in the tab, >>>>>>>and >>>>>>>it >>>>>>>never advances any further. >>>>>>> >>>>>>>On 5/12/15 11:27 AM, "Rich Bowen" <rbowen@xxxxxxxxxxx> wrote: >>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>On 05/12/2015 10:40 AM, Rose, John B wrote: >>>>>>>>> Red Hat 7 Apache 2.4 >>>>>>>>> >>>>>>>>> We are using name based virtual hosts SSL configuration. >>>>>>>>> >>>>>>>>> Which is working except not for one of our ServerAlias that goes >>>>>>>>>thru a >>>>>>>>> load balancer >>>>>>>>> >>>>>>>>> Not using SSL works fine. We can access all these via the >>>>>>>>>browser Š >>>>>>>>> >>>>>>>>> http://baseserver.sub.abc.com >>>>>>>>> http://first.sub.abc.com >>>>>>>>> http://first.abc.com >>>>>>>>> >>>>>>>>> Using SSL we can go to these successfully Š >>>>>>>>> >>>>>>>>> https://baseserver.sub.abc.com >>>>>>>>> https://First.sub.abc.com >>>>>>>>> >>>>>>>>> But not this Š >>>>>>>>> >>>>>>>>> https://first.abc.com >>>>>>>>> >>>>>>>>> Here is our config Š >>>>>>>>> >>>>>>>>> Have tried these .. >>>>>>>>> <VirtualHost *.443> >>>>>>>>> and >>>>>>>>> <VirtualHost first.sub.abc.com:443> >>>>>>>>> and >>>>>>>>> <VirtualHost first.abc.com:443> >>>>>>>>> >>>>>>>>> ServerName baseserver.sub.abc.com >>>>>>>>> ServerAlias first.sub.abc.com >>>>>>>>> ServerAlias first.abc.com >>>>>>>>> >>>>>>>>> SSLEngine on >>>>>>>>> DocumentRoot "/www/docs" >>>>>>>>> >>>>>>>>> <Directory "/www/docs"> >>>>>>>>> Š >>>>>>>>> </Directory> >>>>>>>>> >>>>>>>>> >>>>>>>>> ProxyPassMatch ^/(.*\.php(/.*)?)$ >>>>>>>>>fcgi://127.0.0.1:9000/www/docs/ >>>>>>>>> DirectoryIndex index.php index.html >>>>>>>>> >>>>>>>>> SSL Certificate stuff Š >>>>>>>>> >>>>>>>>> </VirtualHost> >>>>>>>>> >>>>>>>>> >>>>>>>>> Any suggestions why the Load Balanced SSL ServerAlias. >>>>>>>>> https://first.abc.com, is not working? >>>>>>>> >>>>>>>>Can you elaborate on "not working"? What exactly happens? >>>>>>>> >>>>>>>> >>>>>>>>-- >>>>>>>>Rich Bowen - rbowen@xxxxxxxxxxx - @rbowen >>>>>>>>http://apachecon.com/ - @apachecon >>>>>>>> >>>>>>>>------------------------------------------------------------------- >>>>>>>>-- >>>>>>>>To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>>>>>For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>>>>> >>>>>>> >>>>>>> >>>>>>>-------------------------------------------------------------------- >>>>>>>- >>>>>>>To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>>>>For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>>>> >>>>>>> >>>>>>>-------------------------------------------------------------------- >>>>>>>- >>>>>>>To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>>>>For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>>--------------------------------------------------------------------- >>>>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>>> >>>>> >>>>>--------------------------------------------------------------------- >>>>>To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>>For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>> >>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>> >>> >>>--------------------------------------------------------------------- >>>To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> > >--------------------------------------------------------------------- >To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx