My setup is like this:
nginx (AWS) -> Tomcat server (on the same AWS server)
$ nginx -v
nginx version: nginx/1.14.0 (Ubuntu)
$ openssl version
OpenSSL 1.1.0g 2 Nov 2017
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.1 LTS
Release: 18.04
Codename: bionic
Content of /etc/nginx/conf.d/myapp.conf
server {
    listen 80;
    server_name myapp.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen *:443 ;
    ssl on;
    ssl_certificate /tmp/nginx.crt;
    ssl_certificate_key /tmp/nginx.key;
    server_name myapp.com;
    access_log /var/log/nginx/myapp.access.log;
    error_log /var/log/nginx/myapp.error.log;
    location / {
        proxy_pass http://localhost:8764;
    }
}
When I am trying to visit myapp from the browser, I am getting ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
Someone suggested that I should try to connect to it using OpenSSL:
openssl s_client -connect myapp.com:443
CONNECTED(00000003)
140211097622168:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1533215612
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
Can someone suggest what's the issue here?
You need to specify the servername, as in:
The one you give in the connect gets resolved to an IP address and is never seen by the server. So the server doesn't know what certificate to use. I overlooked the "AWS". The IP address you get for myapp.com may be used by hundreds or thousands of systems.
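As an added illustration of the answer above (this is not code from the question or the answer): the `tls_probe` function below runs `openssl s_client` with `-servername`, so the hostname is sent in the TLS ClientHello (SNI) as a browser would send it, instead of only being used for DNS resolution as in the plain `-connect` form. The second function, `cert_key_match`, is an extra sanity check a practitioner would want on the `ssl_certificate` / `ssl_certificate_key` pair named in the config: it confirms the two files carry the same public key. It assumes only that the `openssl` command-line tool is installed; the hostname `myapp.com` and the `/tmp/nginx.*` paths are taken from the question.

```shell
#!/bin/sh
# Added example; not part of the original question or answer.

# Probe a TLS endpoint the way a browser does: resolve HOST for the TCP
# connection AND send HOST as the SNI name via -servername. Prints the
# negotiated protocol/cipher lines, or the alert line when the handshake fails.
tls_probe() {
    host=$1
    port=${2:-443}
    openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>&1 \
        | grep -E '^(New, |.*alert handshake failure|    Protocol  *:|    Cipher  *:)'
}

# Check that a certificate and a private key belong together by comparing the
# public key embedded in each. Returns 0 on match, 1 on mismatch or unreadable
# file. Usage: cert_key_match /tmp/nginx.crt /tmp/nginx.key
cert_key_match() {
    crt_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
    key_pub=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# Stand-alone usage against the host from the question (needs network access):
#   tls_probe myapp.com
#   cert_key_match /tmp/nginx.crt /tmp/nginx.key && echo "cert/key pair OK"
```

Compare the output of `tls_probe` with the plain `openssl s_client -connect myapp.com:443` transcript in the question: a server that needs SNI to pick its certificate answers the `-servername` variant with a real protocol and cipher line instead of `Cipher is (NONE)`.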