Hi,
What you want is 'proxy.config.ssl.CA.cert.filename' and
proxy.config.ssl.CA.cert.path not the client.CA configs. I know it is a bit
confusing. The client.CA ones are used to verify origin server certificates.
Try the configs and see if that works.
Docs for the configs:
records.config — Apache Traffic Server 8.0.0 documentation
|
|
| |
records.config — Apache Traffic Server 8.0.0 documentation
|
|
|
- SincerelySyeda Persia Aziz
Software DeveloperYahoo! Inc.Champaign, Illinois
On Wednesday, February 21, 2018, 10:41:32 AM CST, Alan Carroll
<[email protected]> wrote:
I meant more what *units* the handshake_timer is. Looking at the code, it
seems to be in seconds meaning it is unlikely that is the problem (if the
handshake took .5s with a 20s timeout).
I'd recommend having any configuration value at most once, although I don't
think it would break anything.
Looking at the code, it appears the client cert verify callback was hit
(SSLUtils.cc:1687) with a failure reported by openSSL. I'd look at debug
messages much earlier, during process start, to see if the certs are getting
loaded correctly.
