02-28-2022 10:01 AM
Hello Duo Community,
I am trying to setup a Web Application in our DNG but I get a 502 Bad Gateway.
zav-mon-central.cameoglobal.local
) as CN.In the logs, I can see the following:
network-gateway-portal | 2022/02/28 17:36:30 [error] 202#0: *94 upstream SSL certificate verify error: (21:unable to verify the first certificate) while SSL handshaking to upstream, client: 178.51.111.250, server: monitoring.cameoglobal.eu, request: "GET / HTTP/1.1", upstream: "https://10.32.6.240:443/", host: "monitoring.cameoglobal.eu", referrer: "https://■■■■■■■■■■■■■■■■■■■■■■■■■■■■/"
In this line, I do not see any mention to the server’s hostname.
When I look in the log file, the only mention I see is:
network-gateway-admin | 2022-02-28 17:24:10+0000 [admin] Arguments: {"_xsrf": "********************************", "ikey": "■■■■■■■■■■■■■■■■■■■■", "skey": "****************************************", "■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■", "enable_frameless": "on", "ehost": "monitoring.cameoglobal.eu", "external_host_cert_source": "own", "external_host_cert": "", "external_host_key": "", "allowlist_values": "", "allowlist_ips": "", "ihost": "https://zav-mon-central.cameoglobal.local/", "private_certificate_authority": "on", "internal_host_cert": "", "http_host_header_name": "internal", "ssl_sni_and_cert_name": "internal", "session_duration": "480", "upstream_response_timeout": "180", "client_max_body_size": "128"}
Regards,
Antony
Solved! Go to Solution.
02-28-2022 12:39 PM
Hello! thanks for reaching out!
This likely means that the DNG doesn’t trust the CA which was used to sign your certificate.
Did you try checking the “I’m using a private certificate authority” box and uploading the full certificate chain? (if it’s a single self-signed certificate, upload upload that certificate)
02-28-2022 12:39 PM
Hello! thanks for reaching out!
This likely means that the DNG doesn’t trust the CA which was used to sign your certificate.
Did you try checking the “I’m using a private certificate authority” box and uploading the full certificate chain? (if it’s a single self-signed certificate, upload upload that certificate)
03-01-2022 01:57 AM
You pointed me in the right direction:
Thank you.
Antony
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide