Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1050
Views
1
Helpful
2
Replies

Duo Network Gateway - Error 502

Go to solution
Antony GALLEZ
Level 1
Level 1

‎02-28-2022 10:01 AM

Hello Duo Community,

I am trying to setup a Web Application in our DNG but I get a 502 Bad Gateway.

  • DNG version: 1.6.1 with RDP feature enabled.
  • RDP is working fine
  • 2FA SSO works fine.
  • Right after the 2FA thing, I get that 502 Error.
  • Internal server uses a self-signed certificate I uploaded to DNG. That certificate inludes the server’s hostname (zav-mon-central.cameoglobal.local) as CN.
  • When you connect to the website internally, there is something add at the end of the URL.

In the logs, I can see the following:

network-gateway-portal | 2022/02/28 17:36:30 [error] 202#0: *94 upstream SSL certificate verify error: (21:unable to verify the first certificate) while SSL handshaking to upstream, client: 178.51.111.250, server: monitoring.cameoglobal.eu, request: "GET / HTTP/1.1", upstream: "https://10.32.6.240:443/", host: "monitoring.cameoglobal.eu", referrer: "https://■■■■■■■■■■■■■■■■■■■■■■■■■■■■/"

In this line, I do not see any mention to the server’s hostname.

When I look in the log file, the only mention I see is:

network-gateway-admin | 2022-02-28 17:24:10+0000 [admin] Arguments: {"_xsrf": "********************************", "ikey": "■■■■■■■■■■■■■■■■■■■■", "skey": "****************************************", "■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■", "enable_frameless": "on", "ehost": "monitoring.cameoglobal.eu", "external_host_cert_source": "own", "external_host_cert": "", "external_host_key": "", "allowlist_values": "", "allowlist_ips": "", "ihost": "https://zav-mon-central.cameoglobal.local/", "private_certificate_authority": "on", "internal_host_cert": "", "http_host_header_name": "internal", "ssl_sni_and_cert_name": "internal", "session_duration": "480", "upstream_response_timeout": "180", "client_max_body_size": "128"}

Regards,
Antony

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sharif_Anani
Level 1
Level 1

‎02-28-2022 12:39 PM

Hello! thanks for reaching out!

This likely means that the DNG doesn’t trust the CA which was used to sign your certificate.

Did you try checking the “I’m using a private certificate authority” box and uploading the full certificate chain? (if it’s a single self-signed certificate, upload upload that certificate)

View solution in original post

2 Replies 2

Go to solution
Sharif_Anani
Level 1
Level 1

‎02-28-2022 12:39 PM

Hello! thanks for reaching out!

This likely means that the DNG doesn’t trust the CA which was used to sign your certificate.

Did you try checking the “I’m using a private certificate authority” box and uploading the full certificate chain? (if it’s a single self-signed certificate, upload upload that certificate)

Go to solution
Antony GALLEZ
Level 1
Level 1
In response to Sharif_Anani

‎03-01-2022 01:57 AM

@Sharif_Anani,

You pointed me in the right direction:

  • indeed, we use self-signed certificates
  • I checked the box but I did not include the CA in the certificated I uploaded
  • I changed that now and it works perfectly.

Thank you.

Antony

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents