hello all,
I am attempting to secure crowd using apache and a reverse proxy. I have setup all of the components in terms of placing the certificate files in their proper location, modifying the server.xml file to reflect the name of the server and the location of the certs. when browsing to the site via https I get the following message, can anyone here provide some context into what may be going on here and what i can do to resolve this error, all services appear to be running without incident and all of the log files look good so I'm stumped.
ERR_SSL_PROTOCOL_ERROR and will say that the domain sent an invalid response.
This site can’t provide a secure connection.
Hi @Shannon Harvey ,
First things first, I'd check the the time on your local machine to make sure your clock is showing the correct time and set to automatically update itself. There are a few configurations (especially with OCSP stapling) where having the time off on your local workstation by a couple minutes can cause errors like this.
After that, I'd look into what ciphers are enabled. Can you provide the portions of your Apache configuration file that you used to create the reverse proxy? Inside that virtualhost there may be a SSLCipherSuite directive - or potentially it's at a higher level. One possibility is that this directive only has options enabled that your browser doesn't support (so we'd need to change which ciphers are on).
Are there other applications running through the same Apache instance which work? That can also scope the issue down to the VirtualHost for Crowd. At any rate - seeing the Apache configuration will help!
Thanks,
Daniel
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.