We will check in the morning. I am not sure about the typo, I cannot access it at the moment. Thanks again for your efforts. Sent from my iPad > On May 12, 2015, at 5:52 PM, Yann Ylavic <ylavic.dev@xxxxxxxxx> wrote: > > You should then see "activity" with LogLevel debug, where does this leads? > > (Note regarding *:443, you indicated *.443 -with a dot- in the > original message, was that a typo?) > >> On Tue, May 12, 2015 at 11:32 PM, Rose, John B <jbrose@xxxxxxx> wrote: >> We checked netstat -an while attempting the https thru the browser. It >> seems to be getting to the server. >> >> tcp 0 0 xxx.xxx.xxx.xxx:443 yyy.yyy.yyy.yyy:35948 TIME_WAIT >> tcp 0 0 xxx.xxx.xxx.xxx:443 yyy.yyy.yyy.yyy:36375 >> FIN_WAIT2 >> Etc. >> >> >>> On 5/12/15 5:13 PM, "Yann Ylavic" <ylavic.dev@xxxxxxxxx> wrote: >>> >>> Can't it be that the LB does not let the connection pass through? >>> If the LB is not an SSL end point, it may block based on the Server >>> Name Indication (SNI)? >>> On the httpd side, maybe you could look at the network level if the >>> connection with the client is established (netstat, tcpdump, ...). >>> >>>> On Tue, May 12, 2015 at 11:02 PM, Rose, John B <jbrose@xxxxxxx> wrote: >>>> It is not generating an entry in the Apache log files. Unless we have >>>> missed it. But we believe have looked thru them thoroughly. >>>> >>>>> On 5/12/15 4:01 PM, "Yann Ylavic" <ylavic.dev@xxxxxxxxx> wrote: >>>>> >>>>> Can you see the connection arrive, somehow timeout, and finally be >>>>> logged on the Apache server? >>>>> >>>>>> On Tue, May 12, 2015 at 9:53 PM, Rose, John B <jbrose@xxxxxxx> wrote: >>>>>> Yann >>>>>> >>>>>> All efforts appreciated. >>>>>> >>>>>> First.abc.com goes thru a load balancer >>>>>> >>>>>> http://first.abc.com >>>>>> >>>>>> Works fine. >>>>>> >>>>>> https://first.abc.com >>>>>> >>>>>> does not >>>>>> >>>>>> If I understand your question correctly. >>>>>> >>>>>> John >>>>>> >>>>>> >>>>>> >>>>>>> On 5/12/15 3:40 PM, "Yann Ylavic" <ylavic.dev@xxxxxxxxx> wrote: >>>>>>> >>>>>>> Probably a silly question, but, is first.abc.com accessible (dns, >>>>>>> route, ...) from the client host? >>>>>>> >>>>>>> Regards, >>>>>>> Yann. >>>>>>> >>>>>>>> On Tue, May 12, 2015 at 9:12 PM, Rose, John B <jbrose@xxxxxxx> wrote: >>>>>>>> We gave that a try based on your recommendation, but it did not >>>>>>>> change >>>>>>>> the >>>>>>>> result. >>>>>>>> >>>>>>>> We are still looking for an answer. >>>>>>>> >>>>>>>> Thanks >>>>>>>> >>>>>>>>> On 5/12/15 12:03 PM, "Jack Swan" <john.swan@xxxxxxxxxx> wrote: >>>>>>>>> >>>>>>>>> >>>>>>>>> Occasionally we've had the spinning connecting problem here during >>>>>>>>> some >>>>>>>>> of our development. >>>>>>>>> You might try clearing/deleting any certificates for that particular >>>>>>>>> host >>>>>>>>> in Firefox. >>>>>>>>> >>>>>>>>> Tools->Options - Advanced. Select View Certificates and >>>>>>>>> delete/distruct >>>>>>>>> the certs for that host. >>>>>>>>> >>>>>>>>> Maybe that'll work. It did for us. >>>>>>>>> >>>>>>>>> ----- Original Message ----- >>>>>>>>> From: jbrose@xxxxxxx >>>>>>>>> To: users@xxxxxxxxxxxxxxxx >>>>>>>>> Sent: Tuesday, May 12, 2015 11:47:24 AM GMT -05:00 US/Canada Eastern >>>>>>>>> Subject: Re: SSL not working for ServerAlias through >>>>>>>>> load >>>>>>>>> balancer >>>>>>>>> >>>>>>>>> In Firefox we get the spinning "ConnectingŠ" indicator in the tab, >>>>>>>>> and >>>>>>>>> it >>>>>>>>> never advances any further. >>>>>>>>> >>>>>>>>>> On 5/12/15 11:27 AM, "Rich Bowen" <rbowen@xxxxxxxxxxx> wrote: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> On 05/12/2015 10:40 AM, Rose, John B wrote: >>>>>>>>>>> Red Hat 7 Apache 2.4 >>>>>>>>>>> >>>>>>>>>>> We are using name based virtual hosts SSL configuration. >>>>>>>>>>> >>>>>>>>>>> Which is working except not for one of our ServerAlias that goes >>>>>>>>>>> thru a >>>>>>>>>>> load balancer >>>>>>>>>>> >>>>>>>>>>> Not using SSL works fine. We can access all these via the >>>>>>>>>>> browser Š >>>>>>>>>>> >>>>>>>>>>> http://baseserver.sub.abc.com >>>>>>>>>>> http://first.sub.abc.com >>>>>>>>>>> http://first.abc.com >>>>>>>>>>> >>>>>>>>>>> Using SSL we can go to these successfully Š >>>>>>>>>>> >>>>>>>>>>> https://baseserver.sub.abc.com >>>>>>>>>>> https://First.sub.abc.com >>>>>>>>>>> >>>>>>>>>>> But not this Š >>>>>>>>>>> >>>>>>>>>>> https://first.abc.com >>>>>>>>>>> >>>>>>>>>>> Here is our config Š >>>>>>>>>>> >>>>>>>>>>> Have tried these .. >>>>>>>>>>> <VirtualHost *.443> >>>>>>>>>>> and >>>>>>>>>>> <VirtualHost first.sub.abc.com:443> >>>>>>>>>>> and >>>>>>>>>>> <VirtualHost first.abc.com:443> >>>>>>>>>>> >>>>>>>>>>> ServerName baseserver.sub.abc.com >>>>>>>>>>> ServerAlias first.sub.abc.com >>>>>>>>>>> ServerAlias first.abc.com >>>>>>>>>>> >>>>>>>>>>> SSLEngine on >>>>>>>>>>> DocumentRoot "/www/docs" >>>>>>>>>>> >>>>>>>>>>> <Directory "/www/docs"> >>>>>>>>>>> Š >>>>>>>>>>> </Directory> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ProxyPassMatch ^/(.*\.php(/.*)?)$ >>>>>>>>>>> fcgi://127.0.0.1:9000/www/docs/ >>>>>>>>>>> DirectoryIndex index.php index.html >>>>>>>>>>> >>>>>>>>>>> SSL Certificate stuff Š >>>>>>>>>>> >>>>>>>>>>> </VirtualHost> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Any suggestions why the Load Balanced SSL ServerAlias. >>>>>>>>>>> https://first.abc.com, is not working? >>>>>>>>>> >>>>>>>>>> Can you elaborate on "not working"? What exactly happens? >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Rich Bowen - rbowen@xxxxxxxxxxx - @rbowen >>>>>>>>>> http://apachecon.com/ - @apachecon >>>>>>>>>> >>>>>>>>>> ------------------------------------------------------------------- >>>>>>>>>> -- >>>>>>>>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>>>>>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -------------------------------------------------------------------- >>>>>>>>> - >>>>>>>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>>>>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>>>>>> >>>>>>>>> >>>>>>>>> -------------------------------------------------------------------- >>>>>>>>> - >>>>>>>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>>>>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> --------------------------------------------------------------------- >>>>>>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>>>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>>>>> >>>>>>> >>>>>>> --------------------------------------------------------------------- >>>>>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>>>> >>>>>> >>>>>> >>>>>> --------------------------------------------------------------------- >>>>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>>> >>>>> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>> >>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|