Skip to main content
Solved

SSL Update(24R1SU2): Shows Old certificate

  • August 15, 2024
  • 4 replies
  • 116 views
Darshana Herath
Hero (Former Employee)
Forum|alt.badge.img+14

Hi All,

 

I updated SSL certificate as the old one expired.

 

When I check from the management server, it shows the correct SSL certificate.

When I check from my laptop it shows the old certificate.

 

NOTE: I am using correct IFS binary version

 

I tried below,

  • Recreated and reinstalled middle tier.
  • Clear all caches in laptop

 

Any Idea?

Best answer by Ben Monroe

Hi Darshana,

I think it is important to verify whether the client is returning stale results from the cache. Please check the s_client output using OpenSSL from a client PC. You can do so as follows:

openssl s_client -connect <fqdn>:443

Replace <fqdn> with the FQDN for your environment. Please verify the validity of the returned results. You can type Q and Enter to exit the connection.

Do you have an proxies between the client and server that may be caching the old certificate? If so please try the above s_client verification from a location where the proxy cannot interfere.

 

Best regards -- Ben

https://www.linkedin.com/in/darshana-herath

4 replies

B
Superhero (Employee)
Forum|alt.badge.img+15
  • Ben Monroe
  • Superhero (Employee)
  • 182 replies
  • Answer
  • August 15, 2024

Hi Darshana,

I think it is important to verify whether the client is returning stale results from the cache. Please check the s_client output using OpenSSL from a client PC. You can do so as follows:

openssl s_client -connect <fqdn>:443

Replace <fqdn> with the FQDN for your environment. Please verify the validity of the returned results. You can type Q and Enter to exit the connection.

Do you have an proxies between the client and server that may be caching the old certificate? If so please try the above s_client verification from a location where the proxy cannot interfere.

 

Best regards -- Ben

H
Hero (Employee)
Forum|alt.badge.img+11
  • hhanse
  • Hero (Employee)
  • 200 replies
  • August 15, 2024

Is there an external proxy with an other cert in front of IFS Cloud? 

Darshana Herath
Hero (Former Employee)
Forum|alt.badge.img+14
  • Darshana Herath
  • Author
  • Hero (Former Employee)
  • 121 replies
  • August 19, 2024

Hi Darshana,

I think it is important to verify whether the client is returning stale results from the cache. Please check the s_client output using OpenSSL from a client PC. You can do so as follows:

openssl s_client -connect <fqdn>:443

Replace <fqdn> with the FQDN for your environment. Please verify the validity of the returned results. You can type Q and Enter to exit the connection.

Do you have an proxies between the client and server that may be caching the old certificate? If so please try the above s_client verification from a location where the proxy cannot interfere.

 

Best regards -- Ben

It was the proxy. Updated nginx with the new cert files.
Thank you

https://www.linkedin.com/in/darshana-herath
Darshana Herath
Hero (Former Employee)
Forum|alt.badge.img+14
  • Darshana Herath
  • Author
  • Hero (Former Employee)
  • 121 replies
  • August 19, 2024

Is there an external proxy with an other cert in front of IFS Cloud? 

It was the proxy. Updated nginx with the new cert files.
Thank you

https://www.linkedin.com/in/darshana-herath


Terms & ConditionsCookie settingsAccessibility statement