Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

  1. Kemp Support
  2. Knowledge Base
  3. Security

error:1422E0EA:SSL routines:final_server_name:callback failed

Updated

 

Information

 

Summary:

Analysis of the meaning for SSL error logs when accessing an application via HTTPS.
Environment:

Product: LoadMaster

Version: 7.1.35 and above

Platform: All platforms

Application: IIS
Question/Problem Description:

Clients are getting a connection error when trying to access an application over HTTPS. This happens when the application is accessed with the IP Address that points to the Virtual Service instead of the hostname.
Steps to Reproduce:
  1. Create a HTTPS Virtual Service and add a Real Server that's listening on HTTPS.
  2. Make sure that the Real Server is passing health check.
  3. Under SSL properties, enable the "Require SNI hostname" option and add the SNI to be re-encrypted in the "Reencryption SNI Hostname"
  4. When connecting to the Virtual Service, if a name other than the SNI is used as the requested hostname, you should get the following or a similar error depending on the browser: ERR_SSL_UNRECOGNIZED_NAME_ALERT
Error Message: vsslproxy: Client X.X.X.X failed SSL negotiation (ssl/statem/extensions.c/1009): error:1422E0EA:SSL routines:final_server_name:callback failed)
Defect Number:  
Enhancement Number:  
Cause: Clients trying to access a Virtual without specifying the correct SNI.
Resolution: If the SNI is requred, clients should access the application only specifying the SNI to prevent this type of error and to be able to connect to the application.
Workaround:  
Notes:  

Comments

In this document