Astaro User Bulletin Board
Go Back   Astaro User Bulletin Board > Astaro Gateway Products > Hardware, Installation, Up2Date, Licensing
Reload this Page Webfilter / http proxy hangs with error "failed to read SSL certificate"
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Welcome to the Astaro User Bulletin Board.
If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 06-20-2009, 03:16 PM
Junior Member
  
Join Date: Jun 2008
Posts: 6
Default Webfilter / http proxy hangs with error "failed to read SSL certificate"
While activating the Webfilter via Web Security -> HTTP/S I get these errors in Livelog:

Code:
2009:06:20-14:04:30 mail httpproxy[9664]: Integrated HTTP-Proxy (c) 2007-2008 Astaro AG
2009:06:20-14:04:30 mail httpproxy[9664]: [ (nil)] main (httpproxy.c:173) reading configuration
2009:06:20-14:04:30 mail httpproxy[9664]: [ (nil)] confd_config_filter (confd-client.c:1817) failed to read SSL certificate
2009:06:20-14:04:31 mail httpproxy[9664]: [ (nil)] main (httpproxy.c:178) error reading config, exiting

If I click on Web Security -> HTTP/S -> HTTPS-CAs this error message appears:

Code:
Information:
Can't use string ("0") as a HASH ref while "strict refs" in use at /PerlApp/wfe/asg/modules/asg_http.pm line 1379.

Sidesteps:
- It is a fresh installed ASG 120, License is ok
- Firmware-Version: 7.403
- I tried to Re-generate WebAdmin Certificate with Management -> WebAdmin Settings -> HTTPS Certificate, nothing happens

Could anybody help me?

Sascha
Reply With Quote
  #2 (permalink)  
Old 06-20-2009, 03:50 PM
BAlfson's Avatar
Moderator
  
Join Date: Mar 2007
Location: Oklahoma City
Posts: 4,953
Default
I think the WebAdmin cert is different. Did you try to regen the Signing CA on the 'HTTPS CAs' tab?

Is this a unit that you load with a USB CDROM?

Cheers - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!
Reply With Quote
  #3 (permalink)  
Old 06-20-2009, 06:55 PM
Junior Member
  
Join Date: Jun 2008
Posts: 6
Default
1. I'm switching to "Management -> WebAdmin Settings -> HTTPS Certificate -> Re-generate WebAdmin certificate", enter the System DNS Hostname, then clicking on Apply - nothing happens. Did you mean this switch?
2. No - the unit is just a box without CDROM. The software was preinstalled, fresh out of the box.

Thanks, Sascha
Reply With Quote
  #4 (permalink)  
Old 06-20-2009, 07:37 PM
BAlfson's Avatar
Moderator
  
Join Date: Mar 2007
Location: Oklahoma City
Posts: 4,953
Default
1. No, not that one. 'Web Security >> HTTP/S' 'HTTPS CAs' tab.

One of the problems that people cause themselves is giving the ASG the wrong hostname. The best practice is to give it the public FQDN that resolves to its external IP. For clients who use the SMTP Proxy, we normally use a hostname of mail.domainname.com.

Cheers - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!
Reply With Quote
  #5 (permalink)  
Old 06-20-2009, 08:00 PM
Junior Member
  
Join Date: Jun 2008
Posts: 6
Default
Ok, while activating http proxy and clicking on HTTPS CAs I get the following error message:
Code:
Information:
Can't use string ("0") as a HASH ref while "strict refs" in use at /PerlApp/wfe/asg/modules/asg_http.pm line 1379.
Thanx,
Sascha
Reply With Quote
  #6 (permalink)  
Old 06-20-2009, 10:07 PM
BAlfson's Avatar
Moderator
  
Join Date: Mar 2007
Location: Oklahoma City
Posts: 4,953
Default
Can you show a screencap of that?
__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!
Reply With Quote
  #7 (permalink)  
Old 06-20-2009, 11:23 PM
Junior Member
  
Join Date: Jun 2008
Posts: 6
Default
Sure, here is it …

Reply With Quote
  #8 (permalink)  
Old 06-21-2009, 12:48 PM
BAlfson's Avatar
Moderator
  
Join Date: Mar 2007
Location: Oklahoma City
Posts: 4,953
Default
It looks like a gremlin climbed into that box before they shipped it to you! I suspect there was a problem in imaging the hard drive, but since this is a new unit, that's a judgement I'd rather leave to your reseller or Astaro: https://www.astaro.com/license/open_support_case.

If you don't already have a MyAstaro account, it's free to register for one.
__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!
Reply With Quote
  #9 (permalink)  
Old 06-21-2009, 01:13 PM
Junior Member
  
Join Date: Jun 2008
Posts: 6
Default
Thanks for your help Bob - I will do that.

Sascha
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT. The time now is 11:12 AM.

 
Contact Us - Astaro User Bulletin Board - Archive - Top

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.


These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases. issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.