Cohen, Laurence wrote:
Hi everyone,
I have what I hope is a simple question with a simple answer that I'm
just overlooking. I have a need to temporarily put our application in
maintenance mode, and display a static page from our web server stating
that the application is temporarily unavailable.
The Web Server is Apache 2.2, and it contains Include lines for
rewrite.conf and nss.conf.
What I'm getting in the error log when I try to bring this up in a
browser is the following.
[Sat Mar 26 05:11:22 2016] [info] Connection to child 5 established
(server testweb01.novetta.com:443 <http://testweb01.novetta.com:443>,
client x.x.16.58)
[Sat Mar 26 05:11:23 2016] [info] Initial (No.1) HTTPS request received
for child 5 (server testweb01.novetta.com:443
<http://testweb01.novetta.com:443>)
[Sat Mar 26 05:11:23 2016] [info] Requesting connection re-negotiation
[Sat Mar 26 05:11:26 2016] [info] Connection to child 0 established
(server testweb01.novetta.com:443 <http://testweb01.novetta.com:443>,
client x.x.238.91)
[Sat Mar 26 05:11:26 2016] [info] Connection to child 3 established
(server testweb01.novetta.com:443 <http://testweb01.novetta.com:443>,
client x.x.238.91)
[Sat Mar 26 05:11:26 2016] [info] SSL input filter read failed.
[Sat Mar 26 05:11:26 2016] [error] SSL Library Error: -12195 Peer does
not recognize and trust the CA that issued your certificate
[Sat Mar 26 05:11:26 2016] [info] Connection to child 3 closed (server
testweb01.novetta.com:443 <http://testweb01.novetta.com:443>, client
x.x.238.91)
[Sat Mar 26 05:11:26 2016] [info] SSL library error -8172 writing data
[Sat Mar 26 05:11:26 2016] [info] SSL Library Error: -8172 Certificate
is signed by an untrusted issuer
[Sat Mar 26 05:11:26 2016] [error] (20014)Internal error: proxy: pass
request body failed to 10.3.238.91:443 <http://10.3.238.91:443>
(testweb01.novetta.com <http://testweb01.novetta.com>)
[Sat Mar 26 05:11:26 2016] [error] proxy: pass request body failed to
x.x..238.91:443 (testweb01.novetta.com <http://testweb01.novetta.com>)
from x.x.16.58 ()
[Sat Mar 26 05:11:26 2016] [info] Connection to child 5 closed (server...
I have tried this with :443 for the port in the nss.conf ProxyPass and
ProxyPassReverse statements, but it still doesn't work. Any ideas?
The server cert on testweb01.novetta.com was signed by an issuer that
your web server doesn't know. You'd need to add that CA to the mod_nss
certificate database (and probably restart Apache).
rob
_______________________________________________
Mod_nss-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/mod_nss-list
