I've been searching and trying things all day and can't seem to get OCSP
stapling working on my web server farm.
I don't believe it is a firewall issue, as I've taken it out of the
equation and still encounter the same issue. I've also tested this on a
machine not behind the load balancer and it seems to work (I get a response
from openssl s_client, though the online ssl testers still show stapling as
not working).
I am using nginx on several web servers fronted with LVS NAT. LVS is
listening on both 80 and 443 so that it can redirect the requests back to
nginx.
I have the appropriate settings/files on all of the web servers, but am
getting a timeout when testing it (I've tried several variations of this
command):

    openssl s_client -connect mydomain.com:443 -tls1 -tlsextdebug -status

and I get:

    Socket: Connection timed out
    connect:errno=110

I also cannot telnet to mydomain on either 80 or 443. So I suspect at
this point that the LVS server is the culprit. Is there a way to either set
up a cert on that machine or configure it to pass back to the web servers
to handle the OCSP/openssl requests?
Thanks,
Brian