Netgate SG-1000 microFirewall

Author Topic: Can't get Reverse Proxy SSL to Work  (Read 97 times)

0 Members and 1 Guest are viewing this topic.

Offline soloam

  • Full Member
  • ***
  • Posts: 122
  • Karma: +1/-1
    • View Profile
Can't get Reverse Proxy SSL to Work
« on: November 29, 2017, 09:56:14 pm »
Hello all, I have a reverse proxy that I need to have HTTPS working. I keep getting a error

Code: [Select]
The following error was encountered while trying to retrieve the URL: https://cloud.mywebsite.com

Failed to establish a secure connection to 192.168.1.10

The system returned:

(92) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
SSL Certficate error: certificate issuer (CA) not known: /C=XX/ST=XXXX/L=XXXX/O=XXXX/emailAddress=Email@mywebsite.com/CN=XXXX/OU=XXXX

This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.

Your cache administrator is admin@localhost.

This error appears in a secure HTTPS connection, so the certificates being transmitted by the proxy are correct.

This are my settings:

External FQDN: mywebsite.com

Enable HTTPS Reverse Proxy: checked
Reverse HTTPS Port: 443
Reverse SSL Certificate: <<CRT1 - my certeficate created on pfsense>>
Ignore Internal Certificate Validation: not checked (if I checked it works, but it never validates if the certificate is correct, I tried to pass a invalid certificate and it worked the same)
Client Certificate CA: <<CA1 - used to create above certeficate>>


I then import CA1 to my browser and set CRT1 to the service ssl folder. If I access the service without reverse proxy, it works and a secure HTTPS connection is made, but when I go by the proxy I get the error.

Can any one help me?

Thank You