We found the problem. We had cookie persistence turned on the load balancer but we were terminating the certificate on the server. Apparently to have cookie persistence you have to terminate on the load balancer. Thanks for all the help. Much appreciated. On 5/12/15 5:52 PM, "Yann Ylavic" <ylavic.dev@xxxxxxxxx> wrote: >You should then see "activity" with LogLevel debug, where does this leads? > >(Note regarding *:443, you indicated *.443 -with a dot- in the >original message, was that a typo?) > >On Tue, May 12, 2015 at 11:32 PM, Rose, John B <jbrose@xxxxxxx> wrote: >> We checked netstat -an while attempting the https thru the browser. It >> seems to be getting to the server. >> >> tcp 0 0 xxx.xxx.xxx.xxx:443 yyy.yyy.yyy.yyy:35948 >>TIME_WAIT >> tcp 0 0 xxx.xxx.xxx.xxx:443 yyy.yyy.yyy.yyy:36375 >> FIN_WAIT2 >> Etc. >> >> >> On 5/12/15 5:13 PM, "Yann Ylavic" <ylavic.dev@xxxxxxxxx> wrote: >> >>>Can't it be that the LB does not let the connection pass through? >>>If the LB is not an SSL end point, it may block based on the Server >>>Name Indication (SNI)? >>>On the httpd side, maybe you could look at the network level if the >>>connection with the client is established (netstat, tcpdump, ...). >>> >>>On Tue, May 12, 2015 at 11:02 PM, Rose, John B <jbrose@xxxxxxx> wrote: >>>> It is not generating an entry in the Apache log files. Unless we have >>>> missed it. But we believe have looked thru them thoroughly. >>>> >>>> On 5/12/15 4:01 PM, "Yann Ylavic" <ylavic.dev@xxxxxxxxx> wrote: >>>> >>>>>Can you see the connection arrive, somehow timeout, and finally be >>>>>logged on the Apache server? >>>>> >>>>>On Tue, May 12, 2015 at 9:53 PM, Rose, John B <jbrose@xxxxxxx> wrote: >>>>>> Yann >>>>>> >>>>>> All efforts appreciated. >>>>>> >>>>>> First.abc.com goes thru a load balancer >>>>>> >>>>>> http://first.abc.com >>>>>> >>>>>> Works fine. >>>>>> >>>>>> https://first.abc.com >>>>>> >>>>>> does not >>>>>> >>>>>> If I understand your question correctly. >>>>>> >>>>>> John >>>>>> >>>>>> >>>>>> >>>>>> On 5/12/15 3:40 PM, "Yann Ylavic" <ylavic.dev@xxxxxxxxx> wrote: >>>>>> >>>>>>>Probably a silly question, but, is first.abc.com accessible (dns, >>>>>>>route, ...) from the client host? >>>>>>> >>>>>>>Regards, >>>>>>>Yann. >>>>>>> >>>>>>>On Tue, May 12, 2015 at 9:12 PM, Rose, John B <jbrose@xxxxxxx> >>>>>>>wrote: >>>>>>>> We gave that a try based on your recommendation, but it did not >>>>>>>>change >>>>>>>>the >>>>>>>> result. >>>>>>>> >>>>>>>> We are still looking for an answer. >>>>>>>> >>>>>>>> Thanks >>>>>>>> >>>>>>>> On 5/12/15 12:03 PM, "Jack Swan" <john.swan@xxxxxxxxxx> wrote: >>>>>>>> >>>>>>>>> >>>>>>>>>Occasionally we've had the spinning connecting problem here during >>>>>>>>>some >>>>>>>>>of our development. >>>>>>>>>You might try clearing/deleting any certificates for that >>>>>>>>>particular >>>>>>>>>host >>>>>>>>>in Firefox. >>>>>>>>> >>>>>>>>>Tools->Options - Advanced. Select View Certificates and >>>>>>>>>delete/distruct >>>>>>>>>the certs for that host. >>>>>>>>> >>>>>>>>>Maybe that'll work. It did for us. >>>>>>>>> >>>>>>>>>----- Original Message ----- >>>>>>>>>From: jbrose@xxxxxxx >>>>>>>>>To: users@xxxxxxxxxxxxxxxx >>>>>>>>>Sent: Tuesday, May 12, 2015 11:47:24 AM GMT -05:00 US/Canada >>>>>>>>>Eastern >>>>>>>>>Subject: Re: SSL not working for ServerAlias through >>>>>>>>>load >>>>>>>>>balancer >>>>>>>>> >>>>>>>>>In Firefox we get the spinning "ConnectingŠ" indicator in the tab, >>>>>>>>>and >>>>>>>>>it >>>>>>>>>never advances any further. >>>>>>>>> >>>>>>>>>On 5/12/15 11:27 AM, "Rich Bowen" <rbowen@xxxxxxxxxxx> wrote: >>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>On 05/12/2015 10:40 AM, Rose, John B wrote: >>>>>>>>>>> Red Hat 7 Apache 2.4 >>>>>>>>>>> >>>>>>>>>>> We are using name based virtual hosts SSL configuration. >>>>>>>>>>> >>>>>>>>>>> Which is working except not for one of our ServerAlias that >>>>>>>>>>>goes >>>>>>>>>>>thru a >>>>>>>>>>> load balancer >>>>>>>>>>> >>>>>>>>>>> Not using SSL works fine. We can access all these via the >>>>>>>>>>>browser Š >>>>>>>>>>> >>>>>>>>>>> http://baseserver.sub.abc.com >>>>>>>>>>> http://first.sub.abc.com >>>>>>>>>>> http://first.abc.com >>>>>>>>>>> >>>>>>>>>>> Using SSL we can go to these successfully Š >>>>>>>>>>> >>>>>>>>>>> https://baseserver.sub.abc.com >>>>>>>>>>> https://First.sub.abc.com >>>>>>>>>>> >>>>>>>>>>> But not this Š >>>>>>>>>>> >>>>>>>>>>> https://first.abc.com >>>>>>>>>>> >>>>>>>>>>> Here is our config Š >>>>>>>>>>> >>>>>>>>>>> Have tried these .. >>>>>>>>>>> <VirtualHost *.443> >>>>>>>>>>> and >>>>>>>>>>> <VirtualHost first.sub.abc.com:443> >>>>>>>>>>> and >>>>>>>>>>> <VirtualHost first.abc.com:443> >>>>>>>>>>> >>>>>>>>>>> ServerName baseserver.sub.abc.com >>>>>>>>>>> ServerAlias first.sub.abc.com >>>>>>>>>>> ServerAlias first.abc.com >>>>>>>>>>> >>>>>>>>>>> SSLEngine on >>>>>>>>>>> DocumentRoot "/www/docs" >>>>>>>>>>> >>>>>>>>>>> <Directory "/www/docs"> >>>>>>>>>>> Š >>>>>>>>>>> </Directory> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ProxyPassMatch ^/(.*\.php(/.*)?)$ >>>>>>>>>>>fcgi://127.0.0.1:9000/www/docs/ >>>>>>>>>>> DirectoryIndex index.php index.html >>>>>>>>>>> >>>>>>>>>>> SSL Certificate stuff Š >>>>>>>>>>> >>>>>>>>>>> </VirtualHost> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Any suggestions why the Load Balanced SSL ServerAlias. >>>>>>>>>>> https://first.abc.com, is not working? >>>>>>>>>> >>>>>>>>>>Can you elaborate on "not working"? What exactly happens? >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>-- >>>>>>>>>>Rich Bowen - rbowen@xxxxxxxxxxx - @rbowen >>>>>>>>>>http://apachecon.com/ - @apachecon >>>>>>>>>> >>>>>>>>>>----------------------------------------------------------------- >>>>>>>>>>-- >>>>>>>>>>-- >>>>>>>>>>To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>>>>>>>For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>------------------------------------------------------------------ >>>>>>>>>-- >>>>>>>>>- >>>>>>>>>To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>>>>>>For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>>>>>> >>>>>>>>> >>>>>>>>>------------------------------------------------------------------ >>>>>>>>>-- >>>>>>>>>- >>>>>>>>>To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>>>>>>For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>------------------------------------------------------------------- >>>>>>>>-- >>>>>>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>>>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>>>>> >>>>>>> >>>>>>>-------------------------------------------------------------------- >>>>>>>- >>>>>>>To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>>>>For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>>--------------------------------------------------------------------- >>>>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>>> >>>>> >>>>>--------------------------------------------------------------------- >>>>>To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>>For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>> >>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>> >>> >>>--------------------------------------------------------------------- >>>To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> > >--------------------------------------------------------------------- >To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx