Nginx reverse proxy SSL handshake error

linux nginx ubuntu reverse-proxy proxy

Solution 1:

Without duplicating the private key and certificate, the handshake cannot complete:

A TLS (version 1.3) handshake is initiated by a ClientHello message, to which ServerHello, EncryptedExtensions, Certificate, and CertificateVerify messages are expected in response. The Certificate message contains the certificate and the CertificateVerify message contains a signature computed using the private key. Hence, the handshake cannot complete without duplicating the private key and certificate.

You need to duplicate.

When you think about the properties of SSL/TLS, the need for duplication should become intuitive, because SSL/TLS is used for server authentication (which requires the private key, otherwise authentication wouldn't be achieved).

Alternatively, you could use two distinct private keys and certificates. I'll elaborate if that's acceptable for you.

Related

Needs to set nodev option on DB directories in linux
CENTOS apache ALL=(root) NOPASSWD: /path/to/shell.sh is not working
nginx reverse-proxy 502 (111: connection refused) while connecting to upstream [duplicate]
fastcgi cache how-to cache for logged-in users and make it custom for each user
How should I configure BIND9 to forward a zone?
AWS EC2 - The requested configuration is currently not supported. Please check the documentation for supported configurations
RHEL 7.1 iscsid fails to get target as networking doesn't seem to have started
Powershell script to pull users from an ad group and create folder with permissions
Redirect SSH traffic through GRE tunnel
how to export all FreeIPA users list to a csv format?
How to extend 1U / 2U servers with multiple 2 slot full height GPUs for sharing? [closed]
How to verify if an email was received and read