You can enable the debug tag 'ssl' to get more data.

See
https://docs.trafficserver.apache.org/en/7.1.x/developer-guide/debugging/debug-tags.en.html?highlight=debug%20enable#other-useful-internal-debug-tags
https://docs.trafficserver.apache.org/en/7.1.x/admin-guide/files/records.config.en.html?highlight=debug%20enable#proxy.config.diags.debug.enabled

On Mon, Feb 19, 2018 at 11:12 AM, gksalil <gksa...@gmail.com> wrote:

> Hello
>
>   I have set up an mTLS forward proxy with ATS. But what happens is -
> the connection to the forward proxy is getting reset - I mean ATS is sending
> an RST message to the client.
> I have verified the certificate that the client is sending with the root CA
> certificate that ATS is using for verifying the client certificate. That shows
> verified.
>
> ~ # openssl verify -CAfile /tmp/ca.pem /tmp/tomcat.pem
> /tmp/tomcat.pem: OK
>
> But from Wireshark I can see the following sequence
>
> client to server -> Certificate, client key exchange, certificate verify
> client to server -> Change Cipher spec, Encrypted handshake message
> Server to client -> [RST, ACK]
>
> How do I fix this issue - any clues?
>
> from my records.conf
>
> CONFIG proxy.config.ssl.client.CA.cert.filename STRING ca.pem
> CONFIG proxy.config.ssl.CA.cert.filename STRING ca.pem
> CONFIG proxy.config.ssl.server.cert.path STRING <location where certificates are stored>
>
> CONFIG proxy.config.ssl.client.CA.cert.filename STRING ca.pem
> CONFIG proxy.config.ssl.client.CA.cert.path STRING <location where certificates are stored>
>
> Is there any way I can make ATS log more ssl logs?
>
> Thanks in advance
> ~S
>
> --
> Sent from: http://apache-traffic-server.24303.n7.nabble.com/
>

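The settings the reply at the top of this thread points to, written out as an added example that is not part of either message. `proxy.config.diags.debug.enabled` is the setting named in the second link; `proxy.config.diags.debug.tags` is the companion setting documented on the same records.config page, and its value is a regular expression matched against the debug tag.

```text
# records.config: turn on debug output for the 'ssl' tag only
CONFIG proxy.config.diags.debug.enabled INT 1
CONFIG proxy.config.diags.debug.tags STRING ssl
```

After `traffic_ctl config reload`, the handshake messages for the failing client connection appear in traffic.out. Set `proxy.config.diags.debug.enabled` back to 0 once the failure has been captured, since debug output is verbose.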