I am trying to use SSL for both Client/Traffic Server and Traffic Server/Origin Server connections. Every time I try connecting with curl -vvv -k https://domain1.com or a web browser I get the message Success with a 502 error. In the logs it states I get the following errors:

    ERROR: SSL::2:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:1063:

Also, when I restart ATS I get the following error in the logs:

    ERROR: SSL ERROR: Cannot use server private key file: /usr/local/etc/trafficserver/domain2.key

I am certain I am using the right certificate and key for domain 2 and domain 1. And I am sure they are both validated. In fact, I set up SSL on domain2 and tested from the ATS server with curl -vvv -k https://domain2.com and it works. I am using the same certificate and key from this server. Did I set up something incorrectly?

Here are my remap.config file settings:

    Map http://domain1.com:80 http://domain2.com:80
    map https://domain1.com:443 https://domain2.com:443

My ssl_multicert.config:

    dest_ip=ipaddressofdomain2:443 ssl_cert_name=domain2.cer ssl_key_name=domain2.key
    dest_ip=ipaddressofdomain1:443 ssl_cert_name=domain1.cer ssl_key_name=domain1.key

My records.config:

    CONFIG proxy.config.ssl.enabled INT 1
    CONFIG proxy.config.ssl.number.threads INT 0
    CONFIG proxy.config.ssl.SSLv2 INT 0
    CONFIG proxy.config.ssl.SSLv3 INT 1
    CONFIG proxy.config.ssl.TLSv1 INT 1
    CONFIG proxy.config.ssl.server.honor_cipher_order INT 0
    CONFIG proxy.config.ssl.compression INT 1
    CONFIG proxy.config.ssl.server_ports ssl:443
    CONFIG proxy.config.ssl.client.certification_level INT 0
    CONFIG proxy.config.ssl.server.cert_chain.filename STRING NULL
    # CONFIG proxy.config.ssl.server.cert.filename
    CONFIG proxy.config.ssl.server.cert.path STRING etc/trafficserver
    CONFIG proxy.config.ssl.server.private_key.path STRING etc/trafficserver
    # CONFIG proxy.config.ssl.server.private_key.filename
    CONFIG proxy.config.ssl.CA.cert.filename STRING NULL
    CONFIG proxy.config.ssl.CA.cert.path STRING etc/trafficserver
    CONFIG proxy.config.ssl.client.verify.server INT 1
    # CONFIG proxy.config.ssl.client.cert.filename STRING
    CONFIG proxy.config.ssl.client.cert.path STRING etc/trafficserver
    # CONFIG proxy.config.ssl.client.private_key.filename STRING
    CONFIG proxy.config.ssl.client.private_key.path STRING /usr/local/etc/trafficserver
    CONFIG proxy.config.ssl.client.CA.cert.filename STRING NULL
    CONFIG proxy.config.ssl.client.CA.cert.path etc/trafficserver

Each of the certificates and keys has 644 permissions for the same user running traffic_manager/traffic_server.

My ATS version is 3.2.0.

Any help with why I am getting these errors would be greatly appreciated.

Thanks,
Megan
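
The post reports "Cannot use server private key file" while stating that the certificate and key belong together. The script below is an added example, not part of the original post and not Traffic Server code, showing one way to test that statement with the openssl CLI: it checks that a key is readable, loads without a passphrase, and carries the same public key as the certificate. It assumes PEM-encoded files; `check_pair`, `make_samples`, `demo` and the sample file names are constructed for the illustration.

```shell
#!/bin/sh
# Added example. Assumes PEM-encoded files and the openssl CLI.
# check_pair exit codes: 0 match, 1 mismatch, 2 key unusable, 3 cert unusable.

check_pair() {
    cert=$1; key=$2
    # The key must be readable and must load with an empty passphrase;
    # "-passin pass:" makes an encrypted key fail instead of prompting.
    [ -r "$key" ] || return 2
    openssl pkey -in "$key" -passin pass: -noout 2>/dev/null || return 2
    openssl x509 -in "$cert" -noout 2>/dev/null || return 3
    # Compare digests of the DER-encoded public key taken from each file.
    c_hash=$(openssl x509 -in "$cert" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256)
    k_hash=$(openssl pkey -in "$key" -passin pass: -pubout -outform DER |
        openssl dgst -sha256)
    [ "$c_hash" = "$k_hash" ] || return 1
    return 0
}

# Build constructed sample files in directory $1: a matching pair (a.cer,
# a.key), an unrelated key (b.key), and a passphrase-protected copy of the
# matching key (enc.key).
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=domain2.example" \
        -keyout "$1/a.key" -out "$1/a.cer" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/b.key" 2>/dev/null &&
    openssl pkey -in "$1/a.key" -aes-256-cbc -passout pass:constructed \
        -out "$1/enc.key"
}

# Run the check against each constructed key and print the exit code.
demo() {
    d=$(mktemp -d) || return 1
    make_samples "$d" || return 1
    for f in a.key b.key enc.key; do
        check_pair "$d/a.cer" "$d/$f"; echo "a.cer + $f -> $?"
    done
    rm -rf "$d"
}
demo
```

To run it against real files, call `check_pair` with the certificate and key paths named in ssl_multicert.config, as the user that runs traffic_server.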
