On Fri, Oct 12, 2012 at 5:16 PM, James Peach <jamespe...@me.com> wrote:
>
> That looks perfectly reasonable. What does webint.example.net resolve to on
> the client? Can you show me the result of "curl -v -v"?
>

After running the output through "sed 's/readldomain/example.net/g'". All names are in public dns, and certs are valid:

[janfrode@stl1 ~]$ host webint.example.net
webint.example.net is an alias for webedge-vip1.services.example.net.
webedge-vip1.services.example.net has address 81.167.37.99

[janfrode@stl1 ~]$ curl -vv
[janfrode@stl1 ~]$ curl -v -v https://webint.example.net/
* About to connect() to webint.example.net port 443
* Trying 81.167.37.99... connected
* Connected to webint.example.net (81.167.37.99) port 443
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSLv2, Client hello (1):
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
* Closing connection #0
curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

[janfrode@stl1 ~]$ rpm -q curl
curl-7.15.5-9.el5.x86_64

Probably pre SNI curl version..

-jf