You should then see "activity" with LogLevel debug, where does this leads? (Note regarding *:443, you indicated *.443 -with a dot- in the original message, was that a typo?) On Tue, May 12, 2015 at 11:32 PM, Rose, John B <jbrose@xxxxxxx> wrote: > We checked netstat -an while attempting the https thru the browser. It > seems to be getting to the server. > > tcp 0 0 xxx.xxx.xxx.xxx:443 yyy.yyy.yyy.yyy:35948 TIME_WAIT > tcp 0 0 xxx.xxx.xxx.xxx:443 yyy.yyy.yyy.yyy:36375 > FIN_WAIT2 > Etc. > > > On 5/12/15 5:13 PM, "Yann Ylavic" <ylavic.dev@xxxxxxxxx> wrote: > >>Can't it be that the LB does not let the connection pass through? >>If the LB is not an SSL end point, it may block based on the Server >>Name Indication (SNI)? >>On the httpd side, maybe you could look at the network level if the >>connection with the client is established (netstat, tcpdump, ...). >> >>On Tue, May 12, 2015 at 11:02 PM, Rose, John B <jbrose@xxxxxxx> wrote: >>> It is not generating an entry in the Apache log files. Unless we have >>> missed it. But we believe have looked thru them thoroughly. >>> >>> On 5/12/15 4:01 PM, "Yann Ylavic" <ylavic.dev@xxxxxxxxx> wrote: >>> >>>>Can you see the connection arrive, somehow timeout, and finally be >>>>logged on the Apache server? >>>> >>>>On Tue, May 12, 2015 at 9:53 PM, Rose, John B <jbrose@xxxxxxx> wrote: >>>>> Yann >>>>> >>>>> All efforts appreciated. >>>>> >>>>> First.abc.com goes thru a load balancer >>>>> >>>>> http://first.abc.com >>>>> >>>>> Works fine. >>>>> >>>>> https://first.abc.com >>>>> >>>>> does not >>>>> >>>>> If I understand your question correctly. >>>>> >>>>> John >>>>> >>>>> >>>>> >>>>> On 5/12/15 3:40 PM, "Yann Ylavic" <ylavic.dev@xxxxxxxxx> wrote: >>>>> >>>>>>Probably a silly question, but, is first.abc.com accessible (dns, >>>>>>route, ...) from the client host? >>>>>> >>>>>>Regards, >>>>>>Yann. >>>>>> >>>>>>On Tue, May 12, 2015 at 9:12 PM, Rose, John B <jbrose@xxxxxxx> wrote: >>>>>>> We gave that a try based on your recommendation, but it did not >>>>>>>change >>>>>>>the >>>>>>> result. >>>>>>> >>>>>>> We are still looking for an answer. >>>>>>> >>>>>>> Thanks >>>>>>> >>>>>>> On 5/12/15 12:03 PM, "Jack Swan" <john.swan@xxxxxxxxxx> wrote: >>>>>>> >>>>>>>> >>>>>>>>Occasionally we've had the spinning connecting problem here during >>>>>>>>some >>>>>>>>of our development. >>>>>>>>You might try clearing/deleting any certificates for that particular >>>>>>>>host >>>>>>>>in Firefox. >>>>>>>> >>>>>>>>Tools->Options - Advanced. Select View Certificates and >>>>>>>>delete/distruct >>>>>>>>the certs for that host. >>>>>>>> >>>>>>>>Maybe that'll work. It did for us. >>>>>>>> >>>>>>>>----- Original Message ----- >>>>>>>>From: jbrose@xxxxxxx >>>>>>>>To: users@xxxxxxxxxxxxxxxx >>>>>>>>Sent: Tuesday, May 12, 2015 11:47:24 AM GMT -05:00 US/Canada Eastern >>>>>>>>Subject: Re: SSL not working for ServerAlias through >>>>>>>>load >>>>>>>>balancer >>>>>>>> >>>>>>>>In Firefox we get the spinning "ConnectingŠ" indicator in the tab, >>>>>>>>and >>>>>>>>it >>>>>>>>never advances any further. >>>>>>>> >>>>>>>>On 5/12/15 11:27 AM, "Rich Bowen" <rbowen@xxxxxxxxxxx> wrote: >>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>On 05/12/2015 10:40 AM, Rose, John B wrote: >>>>>>>>>> Red Hat 7 Apache 2.4 >>>>>>>>>> >>>>>>>>>> We are using name based virtual hosts SSL configuration. >>>>>>>>>> >>>>>>>>>> Which is working except not for one of our ServerAlias that goes >>>>>>>>>>thru a >>>>>>>>>> load balancer >>>>>>>>>> >>>>>>>>>> Not using SSL works fine. We can access all these via the >>>>>>>>>>browser Š >>>>>>>>>> >>>>>>>>>> http://baseserver.sub.abc.com >>>>>>>>>> http://first.sub.abc.com >>>>>>>>>> http://first.abc.com >>>>>>>>>> >>>>>>>>>> Using SSL we can go to these successfully Š >>>>>>>>>> >>>>>>>>>> https://baseserver.sub.abc.com >>>>>>>>>> https://First.sub.abc.com >>>>>>>>>> >>>>>>>>>> But not this Š >>>>>>>>>> >>>>>>>>>> https://first.abc.com >>>>>>>>>> >>>>>>>>>> Here is our config Š >>>>>>>>>> >>>>>>>>>> Have tried these .. >>>>>>>>>> <VirtualHost *.443> >>>>>>>>>> and >>>>>>>>>> <VirtualHost first.sub.abc.com:443> >>>>>>>>>> and >>>>>>>>>> <VirtualHost first.abc.com:443> >>>>>>>>>> >>>>>>>>>> ServerName baseserver.sub.abc.com >>>>>>>>>> ServerAlias first.sub.abc.com >>>>>>>>>> ServerAlias first.abc.com >>>>>>>>>> >>>>>>>>>> SSLEngine on >>>>>>>>>> DocumentRoot "/www/docs" >>>>>>>>>> >>>>>>>>>> <Directory "/www/docs"> >>>>>>>>>> Š >>>>>>>>>> </Directory> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> ProxyPassMatch ^/(.*\.php(/.*)?)$ >>>>>>>>>>fcgi://127.0.0.1:9000/www/docs/ >>>>>>>>>> DirectoryIndex index.php index.html >>>>>>>>>> >>>>>>>>>> SSL Certificate stuff Š >>>>>>>>>> >>>>>>>>>> </VirtualHost> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Any suggestions why the Load Balanced SSL ServerAlias. >>>>>>>>>> https://first.abc.com, is not working? >>>>>>>>> >>>>>>>>>Can you elaborate on "not working"? What exactly happens? >>>>>>>>> >>>>>>>>> >>>>>>>>>-- >>>>>>>>>Rich Bowen - rbowen@xxxxxxxxxxx - @rbowen >>>>>>>>>http://apachecon.com/ - @apachecon >>>>>>>>> >>>>>>>>>------------------------------------------------------------------- >>>>>>>>>-- >>>>>>>>>To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>>>>>>For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>-------------------------------------------------------------------- >>>>>>>>- >>>>>>>>To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>>>>>For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>>>>> >>>>>>>> >>>>>>>>-------------------------------------------------------------------- >>>>>>>>- >>>>>>>>To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>>>>>For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>--------------------------------------------------------------------- >>>>>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>>>> >>>>>> >>>>>>--------------------------------------------------------------------- >>>>>>To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>>>For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>>> >>>>> >>>>> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>> >>>> >>>>--------------------------------------------------------------------- >>>>To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>> >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>> >> >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|