I've checked again, but the time on those servers is correct.

On 2015-04-23 14:16, Daniel Schneller wrote:
Have you checked the time/date on the Haproxy host?
If they are wrong, the certificate might look bad from HAProxy’s
point of view.

Daniel

--
Daniel Schneller
Infrastructure Architect / Developer
CenterDevice GmbH

On 23.04.2015, at 10:00, i...@linux-web-development.de wrote:

Hi!

I'm having trouble with one of our HAProxy-Servers that uses a
backend with TLS. When starting HAProxy the backend will report all
servers as down:

Server web_remote/apache_rem_1 is DOWN, reason: Layer6 invalid response, info: "SSL handshake failure", check duration: 41ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.

My backend configuration is as follows:

backend web_remote
    balance leastconn
    option httpchk HEAD /
    option redispatch
    retries 3

    default-server inter 5000 rise 2 fall 5 maxconn 10000 maxqueue 50000

    server apache_rem_1 1.2.3.4:12345 check maxconn 1000 maxqueue 5000 ssl ca-file /etc/ssl/web.pem
    server apache_rem_2 2001:1:2:3:4:5:6:8:12345 check maxconn 1000 maxqueue 5000 ssl ca-file /etc/ssl/web.pem

This backend worked just fine until now, a quick wget on the server
also worked and openssl s_client reports the certificate of the
backend to be valid.

I couldn't find anything on the list except that the error would be
due to SSL_ABORT, but I'm not sure what this is supposed to tell
me...

Is there anything else for HAProxy/TLS that could be configured
wrong? How could I debug this issue when everything else reports the
handshake was successful?

