Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can't get Reverse Proxy SSL to Work

    Scheduled Pinned Locked Moved Cache/Proxy
    1 Posts 1 Posters 490 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • SoloamS
      Soloam
      last edited by

      Hello all, I have a reverse proxy that I need to have HTTPS working. I keep getting a error

      The following error was encountered while trying to retrieve the URL: https://cloud.mywebsite.com
      
      Failed to establish a secure connection to 192.168.1.10
      
      The system returned:
      
      (92) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
      SSL Certficate error: certificate issuer (CA) not known: /C=XX/ST=XXXX/L=XXXX/O=XXXX/emailAddress=Email@mywebsite.com/CN=XXXX/OU=XXXX
      
      This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.
      
      Your cache administrator is admin@localhost.
      
      

      This error appears in a secure HTTPS connection, so the certificates being transmitted by the proxy are correct.

      This are my settings:

      External FQDN: mywebsite.com

      Enable HTTPS Reverse Proxy: checked
      Reverse HTTPS Port: 443
      Reverse SSL Certificate: <<crt1 -="" my="" certeficate="" created="" on="" pfsense="">>
      Ignore Internal Certificate Validation: not checked (if I checked it works, but it never validates if the certificate is correct, I tried to pass a invalid certificate and it worked the same)
      Client Certificate CA: <<ca1 -="" used="" to="" create="" above="" certeficate="">>

      I then import CA1 to my browser and set CRT1 to the service ssl folder. If I access the service without reverse proxy, it works and a secure HTTPS connection is made, but when I go by the proxy I get the error.

      Can any one help me?

      Thank You</ca1></crt1>

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.