proxy_ssl_verify error: 'upstream SSL certificate does not match "test.example.com" while SSL handshaking to upstream', for CN/SAN 'matched' client & server certs ?

PGNet Dev pgnet.dev at gmail.com
Tue Jun 2 04:43:20 UTC 2020


On 6/1/20 8:42 AM, Maxim Dounin wrote:
> 
>      proxy_ssl_server_name on;
> 
> to see if it helps.  See http://nginx.org/r/proxy_ssl_server_name
> for details.

enabling it _has_ an effect.

now,

access to



	https://example.com/app1



responds,



-	502 Bad Gateway
+	421 Misdirected Request

> 
> You may also try the following patch to provide somewhat better
> debug logging when checking upstream server SSL certificates:

I'll get this in place & see what i learn ...


More information about the nginx mailing list