Somehow all the other posts don’t specifically solve my issue so…
Hi all,
I have two backend servers that are running on Port 443 SSL via IIS using the CCS (Centralized Certification Server) module.
Access to those two backend servers works fine:
However the health check on HaProxy fails with a Layer 6 issue.
[WARNING] (5477) : Server cso-cs-frontends/otcs01 is DOWN, reason: Layer6 invalid response, info: "SSL handshake failure", check duration: 1ms. 1 active and 0 backup servers left.
I already tried to use a verifyhost however it did not solve the issue. Ideas? The certificate is a wildcard one from sectigo since dev machines.
backend config:
backend cso-cs-frontends
balance roundrobin
mode http
cookie SERVERID insert indirect nocache
server otcs01 msecmcsf01.otxlab.net:443 ssl verifyhost msecmcsf01.otxlab.net verify required ca-file /data/cso-fs-ssl/sectigo-cert-chain.crt cookie msecmcsf01 check
server otcs02 msecmcsf02.otxlab.net:443 ssl verifyhost msecmcsf02.otxlab.net verify required ca-file /data/cso-fs-ssl/sectigo-cert-chain.crt cookie msecmcsf02 check
Thanks!
1 post - 1 participant