Re: SSL not working for ServerAlias through load balancer

We checked netstat -an while attempting the https thru the browser. It
seems to be getting to the server.

tcp        0      0 xxx.xxx.xxx.xxx:443 yyy.yyy.yyy.yyy:35948     TIME_WAIT
tcp        0      0 xxx.xxx.xxx.xxx:443 yyy.yyy.yyy.yyy:36375     FIN_WAIT2
Etc.


On 5/12/15 5:13 PM, "Yann Ylavic" <ylavic.dev@xxxxxxxxx> wrote:

>Can't it be that the LB does not let the connection pass through?
>If the LB is not an SSL end point, it may block based on the Server
>Name Indication (SNI)?
>On the httpd side, maybe you could look at the network level if the
>connection with the client is established (netstat, tcpdump, ...).
>
>On Tue, May 12, 2015 at 11:02 PM, Rose, John B <jbrose@xxxxxxx> wrote:
>> It is not generating an entry in the Apache log files. Unless we have
>> missed it. But we believe we have looked thru them thoroughly.
>>
>> On 5/12/15 4:01 PM, "Yann Ylavic" <ylavic.dev@xxxxxxxxx> wrote:
>>
>>>Can you see the connection arrive, somehow timeout, and finally be
>>>logged on the Apache server?
>>>
>>>On Tue, May 12, 2015 at 9:53 PM, Rose, John B <jbrose@xxxxxxx> wrote:
>>>> Yann
>>>>
>>>> All efforts appreciated.
>>>>
>>>> First.abc.com goes thru a load balancer
>>>>
>>>> http://first.abc.com
>>>>
>>>> Works fine.
>>>>
>>>> https://first.abc.com
>>>>
>>>> does not
>>>>
>>>> If I understand your question correctly.
>>>>
>>>> John
>>>>
>>>>
>>>>
>>>> On 5/12/15 3:40 PM, "Yann Ylavic" <ylavic.dev@xxxxxxxxx> wrote:
>>>>
>>>>>Probably a silly question, but, is first.abc.com accessible (dns,
>>>>>route, ...) from the client host?
>>>>>
>>>>>Regards,
>>>>>Yann.
>>>>>
>>>>>On Tue, May 12, 2015 at 9:12 PM, Rose, John B <jbrose@xxxxxxx> wrote:
>>>>>> We gave that a try based on your recommendation, but it did not
>>>>>> change the result.
>>>>>>
>>>>>> We are still looking for an answer.
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> On 5/12/15 12:03 PM, "Jack Swan" <john.swan@xxxxxxxxxx> wrote:
>>>>>>
>>>>>>>
>>>>>>>Occasionally we've had the spinning connecting problem here during
>>>>>>>some of our development.
>>>>>>>You might try clearing/deleting any certificates for that particular
>>>>>>>host in Firefox.
>>>>>>>
>>>>>>>Tools->Options - Advanced.  Select View Certificates and
>>>>>>>delete/distrust the certs for that host.
>>>>>>>
>>>>>>>Maybe that'll work.  It did for us.
>>>>>>>
>>>>>>>----- Original Message -----
>>>>>>>From: jbrose@xxxxxxx
>>>>>>>To: users@xxxxxxxxxxxxxxxx
>>>>>>>Sent: Tuesday, May 12, 2015 11:47:24 AM GMT -05:00 US/Canada Eastern
>>>>>>>Subject: Re:  SSL not working for ServerAlias through load balancer
>>>>>>>
>>>>>>>In Firefox we get the spinning "Connecting..." indicator in the tab,
>>>>>>>and it never advances any further.
>>>>>>>
>>>>>>>On 5/12/15 11:27 AM, "Rich Bowen" <rbowen@xxxxxxxxxxx> wrote:
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>On 05/12/2015 10:40 AM, Rose, John B wrote:
>>>>>>>>> Red Hat 7 Apache 2.4
>>>>>>>>>
>>>>>>>>> We are using name based virtual hosts SSL configuration.
>>>>>>>>>
>>>>>>>>> Which is working except not for one of our ServerAlias that goes
>>>>>>>>> thru a load balancer
>>>>>>>>>
>>>>>>>>> Not using SSL works fine. We can access all these via the
>>>>>>>>> browser ...
>>>>>>>>>
>>>>>>>>> http://baseserver.sub.abc.com
>>>>>>>>> http://first.sub.abc.com
>>>>>>>>> http://first.abc.com
>>>>>>>>>
>>>>>>>>> Using SSL we can go to these successfully ...
>>>>>>>>>
>>>>>>>>> https://baseserver.sub.abc.com
>>>>>>>>> https://First.sub.abc.com
>>>>>>>>>
>>>>>>>>> But not this ...
>>>>>>>>>
>>>>>>>>> https://first.abc.com
>>>>>>>>>
>>>>>>>>> Here is our config ...
>>>>>>>>>
>>>>>>>>> Have tried these ..
>>>>>>>>> <VirtualHost *.443>
>>>>>>>>>        and
>>>>>>>>> <VirtualHost first.sub.abc.com:443>
>>>>>>>>>        and
>>>>>>>>> <VirtualHost first.abc.com:443>
>>>>>>>>>
>>>>>>>>>      ServerName baseserver.sub.abc.com
>>>>>>>>>      ServerAlias first.sub.abc.com
>>>>>>>>>      ServerAlias first.abc.com
>>>>>>>>>
>>>>>>>>>      SSLEngine on
>>>>>>>>>      DocumentRoot "/www/docs"
>>>>>>>>>
>>>>>>>>>    <Directory "/www/docs">
>>>>>>>>>      ...
>>>>>>>>>    </Directory>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>    ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/www/docs/
>>>>>>>>>    DirectoryIndex index.php index.html
>>>>>>>>>
>>>>>>>>> SSL Certificate stuff ...
>>>>>>>>>
>>>>>>>>> </VirtualHost>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Any suggestions why the load balanced SSL ServerAlias,
>>>>>>>>> https://first.abc.com, is not working?
>>>>>>>>
>>>>>>>>Can you elaborate on "not working"? What exactly happens?
>>>>>>>>
>>>>>>>>
>>>>>>>>--
>>>>>>>>Rich Bowen - rbowen@xxxxxxxxxxx - @rbowen
>>>>>>>>http://apachecon.com/ - @apachecon
>>>>>>>>
>>>>>>>>---------------------------------------------------------------------
>>>>>>>>To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>>>>>>>>For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>>>>>>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx





