reverse proxy key 'abc.com' doesn't match certificate issued to 'abc.com'

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

reverse proxy key 'abc.com' doesn't match certificate issued to 'abc.com'

L4 Transporter

How do I find from the firewall which backend server is not matching the certificate/key here. Alert doesn't give much information. We have about 20 servers behind with inbound decryption.

1 REPLY 1

Cyber Elite
Cyber Elite

@raji_toor,

If you look at the decrypt logs and you're logging all inbound traffic's URLs you can sometimes actually decipher or at least see the base URL even when you have a proxy failure. I'm assuming that you're using a wildcard certificate since you're having a hard time identifying the actual requested resource, so if that's not recorded in your logs you may have to attempt to "trace" the traffic and see if you can't see a link or something that they hit from another one of your resources.

It can also be helpful if you have the same public IP constantly pinging the resource to, if policy allows, just temporarily exclude it from inbound decryption after ensuring that all URL categories on the allowing security entry is set to at least 'alert' so it gets recorded. This will at least give you the base URL requested, as I assume that will let you identify the resource that isn't getting decrypted properly within your environment. 

  • 1477 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!