starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-01-13 23:23:32 +01:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

Certificates issued with v 0.7.0 not working when applied to Kemp Loadmaster service #517

New Issue
Closed
opened 2025-12-29 01:26:41 +01:00 by adam · 1 comment
adam commented 2025-12-29 01:26:41 +01:00
Owner
Copy Link

Originally created by @bretgiddings on GitHub (Feb 13, 2021).

Having upgraded to version 0.7.0, I am finding that any newly issued live certificates don't work when applied to virtual IPs on Kemp Loadmasters. Running s_client against the virtual IP results in

# openssl s_client -connect host.name.on.kemp:443 < /dev/null | more
write:errno=0
CONNECTED(00000003)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 99 bytes and written 637 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

Using the same method to upload a certificate issued by a previous version of dehydrated (0.6.5) results in a valid certificate being returned. I suspect I may be seeing a similar issue with pushing a certificate to a Tomcat install.

If I use openssl x509 to examine the issued certificate, everything appears to be in order...

Originally created by @bretgiddings on GitHub (Feb 13, 2021). Having upgraded to version 0.7.0, I am finding that any newly issued live certificates don't work when applied to virtual IPs on Kemp Loadmasters. Running s_client against the virtual IP results in ``` # openssl s_client -connect host.name.on.kemp:443 < /dev/null | more write:errno=0 CONNECTED(00000003) --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 99 bytes and written 637 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- ``` Using the same method to upload a certificate issued by a previous version of dehydrated (0.6.5) results in a valid certificate being returned. I suspect I may be seeing a similar issue with pushing a certificate to a Tomcat install. If I use _openssl x509_ to examine the issued certificate, everything appears to be in order...
adam closed this issue 2025-12-29 01:26:41 +01:00
adam commented 2025-12-29 01:26:42 +01:00
Author
Owner
Copy Link

@bretgiddings commented on GitHub (Feb 13, 2021):

Doh - found the problem by comparing output of openssl x509 - I hadn't set the KEY_ALGO in the configuration file and thus the new version used a public key type that appears not to be supported.

@bretgiddings commented on GitHub (Feb 13, 2021): Doh - found the problem by comparing output of _openssl x509_ - I hadn't set the KEY_ALGO in the configuration file and thus the new version used a public key type that appears not to be supported.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Complicated
bug
enhancement
help wanted
pull-request
Mirrored from GitHub Pull Request
 suggestions wanted
testing
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/dehydrated#517
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?