trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "juergenp[core]" <juerg...@core.at>
Subject Error=unable to get local issuer certificate server
Date Sun, 01 Mar 2020 16:49:48 GMT
Hello,


i run ATS10

the origin server has a private ip with existing DNS entry pointing to 
that (i know unsafe -but it's a work-around - split-dns config is a bit 
confusing, because ats still does round robin on the dns-servers i 
entered in /etc/resolve.conf)

the certificate i have installed is  a wildcard-certificate.

Both, ATS and the origin server, have that certificate installed.


this is the error-message:

[Mar  1 17:11:14.243] [ET_NET 8] WARNING: Core server certificate 
verification failed for (www.xxx.at). Action=Continue Error=unable to 
get local issuer certificate server=w40.xxx.at(10.19.0.40) depth=2




the remap.config looks like this: (i had to use the www-mappings because 
the redirect parameter is ignored - but thats a different issue)

#   redirect     http://www.xxx.at/    http://xxx.at/
  #  redirect     https://www.xxx.at/   https://xxx.at/

#i tried also:

  #  redirect     http://www.xxx.at/    http://w40.xxx.at/
   # redirect     https://www.xxx.at/   https://w40.xxx.at/

-------

map http://www.xxx.at/                http://w40.xxx.at/
##reverse_map http://w40.xxx.at/            http://www.xxx.at/

map https://www.xxx.at/          https://w40.xxx.at/
#reverse_map https://w40.xxx.at/          https://www.xxx.at/


map http://xxx.at/              http://w40xxx.at/
reverse_map http://w40.xxx.at/         http://xxx.at/
map https://xxx.at/               https://w40.xxx.at/
reverse_map https://w40.xxx.at/           https://xxx.at/
------------


ssl-multicert.config

------------------------

dest_ip=111.111.111.111 ssl_cert_name=/opt/ts/etc/ssl/certs/xxx.pem 
ssl_key_name=/opt/ts/etc/ssl/keys/xxx.private.pem 
ssl_ca_name=/opt/ts/etc/ssl/certs/ca.pem
dest_ip=* ssl_cert_name=/opt/ts/etc/ssl/certs/xxx.pem 
ssl_key_name=/opt/ts/etc/ssl/keys/xxx.private.pem 
ssl_ca_name=/opt/ts/etc/ssl/certs/ca.pem
-----------------------------------




splitdns.config

----

dest_domain=xxx.at named=10.19.0.9 def_domain="xxx.at" search_list="xxx.at"
dest_domain=!xxx.at named=10.19.0.201
-----------





Mime
View raw message