SSL Auth Proxy Error

Darren_Kemp1 · ‎04-06-2022

Our test server has a weird SSL issue on startup that our PROD servers do not have.
They both have basically the same config. What could be causing this? (The server does work as expected)

2022-04-06T14:23:12-0400 [duoauthproxy.lib.log#info] SSL disabled. No server key and certificate configured.
2022-04-06T14:23:12-0400 [duoauthproxy.lib.log#info] Duo Security Authentication Proxy 5.0.2 - Init Complete

DuoPablo · ‎04-07-2022

Hi @Darren_Kemp1 ,

On your test Auth Proxy, I would suggest checking the authproxy.cfg to ensure your SSL settings are correct/match the production server. For instance, if you are using LDAPS for your transport type, please ensure that you have the port and certificates defined for such:

Example:
ssl_port=
ssl_key_path=
ssl_cert_path=

Hope this helps!

Darren_Kemp1 · ‎04-07-2022

Hey Pablo!

What’s interesting here is I don’t have any of those set in TEST or PROD. We are just using the proxies to redirect a handful of apps to our 2 AD domains - the ad_client configs are using ldaps and a certfile containing the ROOT CA of the domain servers. These all work fine.

Despite the ssl stuff not configured in either server, only TEST gets that startup error.

Amy2 · ‎04-12-2022

Hi @Darren_Kemp1, if you are still having trouble with this, I’d recommend reaching out to the Duo Support team for further troubleshooting. They can take a look at your configuration and give you more exact guidance on this!

DuoKristina · ‎04-13-2022

The lines immediately preceding this should give you a hint. Do you maybe have an ldap_server_auto section on your TEST server which does not have a certificate and keyfile specified for SSL? Is the startup of that LDAP server shown on a line that says LDAP Automatic Factor Server Module Configuration a few lines before the log excerpt you shared here?

Duo, not DUO.