You can enable the debug tag 'ssl' to get more data. See

https://docs.trafficserver.apache.org/en/7.1.x/developer-guide/debugging/debug-tags.en.html?highlight=debug%20enable#other-useful-internal-debug-tags

https://docs.trafficserver.apache.org/en/7.1.x/admin-guide/files/records.config.en.html?highlight=debug%20enable#proxy.config.diags.debug.enabled

On Mon, Feb 19, 2018 at 11:12 AM, gksalil <[email protected]> wrote:

> Hello
>
> I have set up an MTLS forward proxy with ATS. But what happens is that the
> connection to the forward proxy is getting reset. I mean ATS is sending an
> RST message to the client.
> I have verified the certificate that the client is sending against the root CA
> certificate that ATS is using for verifying the client certificate. That shows
> verified.
>
> ~ # openssl verify -CAfile /tmp/ca.pem /tmp/tomcat.pem
> /tmp/tomcat.pem: OK
>
> But from Wireshark I can see the following sequence
>
> client to server -> Certificate, client key exchange, certificate verify
> client to server -> Change Cipher spec, Encrypted handshake message
> Server to client -> [RST, ACK]
>
> How do I fix this issue - any clues?
>
> from my records.conf
>
> CONFIG proxy.config.ssl.client.CA.cert.filename STRING ca.pem
> CONFIG proxy.config.ssl.CA.cert.filename STRING ca.pem
> CONFIG proxy.config.ssl.server.cert.path STRING <location where certificates are stored>
>
> CONFIG proxy.config.ssl.client.CA.cert.filename STRING ca.pem
> CONFIG proxy.config.ssl.client.CA.cert.path STRING <location where certificates are stored>
>
> Is there any way I can make ATS log more ssl logs?
>
> Thanks in advance
> ~S
>
> --
> Sent from: http://apache-traffic-server.24303.n7.nabble.com/
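
An added example, not part of either message above and not code from the ATS project: a small records.config checker that reports whether the `ssl` debug tag is switched on and which settings are defined more than once. The sample text is constructed from the settings quoted in the thread plus the two `proxy.config.diags.debug.*` settings from the linked documentation; `/opt/ats/etc/ssl` is a placeholder path, and matching the tag with `re.search` is an assumption that only approximates how ATS applies the tags regex.

```python
import re

# Constructed sample: settings quoted in the thread plus the two debug
# settings from the linked docs. "/opt/ats/etc/ssl" is a placeholder.
SAMPLE = """\
CONFIG proxy.config.ssl.client.CA.cert.filename STRING ca.pem
CONFIG proxy.config.ssl.CA.cert.filename STRING ca.pem
CONFIG proxy.config.ssl.server.cert.path STRING /opt/ats/etc/ssl
CONFIG proxy.config.ssl.client.CA.cert.filename STRING ca.pem
CONFIG proxy.config.ssl.client.CA.cert.path STRING /opt/ats/etc/ssl
CONFIG proxy.config.diags.debug.enabled INT 1
CONFIG proxy.config.diags.debug.tags STRING ssl
"""

# records.config line shape: CONFIG <name> <TYPE> <value>
LINE = re.compile(r"^\s*CONFIG\s+(\S+)\s+(INT|STRING|FLOAT)\s+(.*?)\s*$")


def parse_records(text):
    """Return ({name: last value seen by this parser}, [names defined twice or more])."""
    values, dupes = {}, []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        m = LINE.match(raw)
        if not m:
            continue  # not a CONFIG line this checker understands
        name, _type, value = m.groups()
        if name in values and name not in dupes:
            dupes.append(name)
        values[name] = value
    return values, dupes


def ssl_debug_enabled(values):
    """True when debug output is enabled and the tags regex covers 'ssl'."""
    if values.get("proxy.config.diags.debug.enabled", "0") != "1":
        return False
    tags = values.get("proxy.config.diags.debug.tags", "")
    try:
        # Assumption: re.search approximates ATS's tag matching.
        return bool(tags) and re.search(tags, "ssl") is not None
    except re.error:
        return False  # malformed tags regex


if __name__ == "__main__":
    vals, dupes = parse_records(SAMPLE)
    print("ssl debug enabled:", ssl_debug_enabled(vals))
    print("defined more than once:", dupes)
```
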
