0

Our https on the custom domain was working well on appengine, i added the intermediate CA public to complete the chain in the cert (to be able to connect from another app without adding the intermediate cert), and changed my conf in the appengine console.

since then, no more SSL, ERR_CONNECTION_CLOSED appears when i call the https version of my app.

The http on the custom domain still works.

And no rollback possible (i tried to get back to the pervious configuration, the ERR_CONNECTION_CLOSED still appear).

Souhail Hanfi
  • 3
  • 4
  • same problem as here and it has no answer : http://stackoverflow.com/questions/27736986/google-apps-custom-domain-ssl-configured-but-connection-fails – Souhail Hanfi Oct 19 '15 at 08:51
  • you need the CA cert **and** the intermediate cert. The certificate file should contain in order: CA, intermediate certificate(s), your domain certificate. Search for 'SSL certificate checker' to help debug. – konqi Oct 19 '15 at 11:13
  • actually the cert is well formed, the problem seems to come from appEngine. We tried to put back the same key and cert that worked before, and the server always sends the same error – Souhail Hanfi Oct 19 '15 at 12:07
  • Could be a malformed cert is cached somewhere in the browser or a proxy. Have you tried it on a different machine / network? If that isn't the case i doubt that your cert is in the required format. It's hard to tell from the information you have. – konqi Oct 19 '15 at 12:56
  • curl https : //myDomain.io => returns : curl: (35) Server aborted the SSL handshake //////// openssl s_client -showcerts -connect myDomain.io:443 => returns : 6659:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59/src/ssl/s23_lib.c:185: tried from different machine and network and it still the same i waited all the weekend to clear caches if there is ones. the error appeared directly after editing the ssl conf in GAE – Souhail Hanfi Oct 19 '15 at 13:04
  • Check out: http://stackoverflow.com/questions/12941703/use-curl-with-sni-server-name-indication . Also AppEngine does not support naked domains with SSL. – konqi Oct 19 '15 at 13:14
  • we dont use naked domain, myDomain.io is just an example. it worked before, works on http – Souhail Hanfi Oct 19 '15 at 13:18
  • Problem resolved ... :D i added a dns registration on another of my projects and added the same ssl cert and key, it worked on it, used the same conf on the project that had the problem, and it WORKED!!! strange bug but it works now. – Souhail Hanfi Oct 19 '15 at 15:48

0 Answers0