by sceptically
1369 days ago
I am struggling so hard... IT departments of two customer companies just moved VMs with a one week deadline to Azure and everything stopped working and I have the responsibility as external developer... Weird SSL errors I have no clue how to fix. I think they are talking about my clients in this reddit post.
Wild stab in the dark: the only things that would kill SSL/TLS on a disk-image based lift & shift where the certificates and associated config moves with the VM are:
- An internal Certificate Revocation List (CRL) Distribution Point (CDP) was forgotten about and not moved along with everything else. These are often Enterprise PKI certificate authorities on servers like AD domain controllers. Admins will typically deploy new domain controllers in the cloud, and move everything else. They'll forget the old CAs and maybe even turn them off. This then causes SSL issues after... about a week.
- Another possibility is that they incorrectly moved an outbound access restriction. Again, overzealous network security admins tend to block Internet access on servers and forget about CRLs. It's an especially common issue on "secure" environments where someone decides to block HTTP outbound and only permit HTTPS because it's "secure". However, CRLs (and OCSP) absolutely require HTTP and will never work via HTTPS by design.
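
A way to test both hypotheses from a migrated Windows server, as an added example that is not part of the comments above: it builds the certificate chain with online revocation checking, then lists every CRL/OCSP/AIA URL in the chain and checks whether this server can reach it. The file name `server.cer` is an assumption; export the certificate that fails validation to that path first.

```powershell
# Added example, not from the thread. Assumption: the failing certificate
# has been exported (without private key) to .\server.cer.
param([string]$CertPath = '.\server.cer')

$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    (Resolve-Path $CertPath).Path)

# 1. Build the chain with online revocation checking for every element.
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$chain.ChainPolicy.RevocationMode      = 'Online'
$chain.ChainPolicy.RevocationFlag      = 'EntireChain'
$chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(10)
$valid = $chain.Build($cert)
"Chain valid with online revocation: $valid"
$chain.ChainStatus | ForEach-Object {
    "  {0}: {1}" -f $_.Status, $_.StatusInformation.Trim()
}

# 2. Collect the URLs from the CRL Distribution Points (2.5.29.31) and
#    Authority Information Access (1.3.6.1.5.5.7.1.1) extensions.
$oids = '2.5.29.31', '1.3.6.1.5.5.7.1.1'
$urls = foreach ($element in $chain.ChainElements) {
    foreach ($ext in $element.Certificate.Extensions) {
        if ($oids -contains $ext.Oid.Value) {
            [regex]::Matches($ext.Format($true), '(?i)\b(?:https?|ldap)://[^\s,)]*') |
                ForEach-Object { $_.Value }
        }
    }
}

# 3. Test plain TCP reachability of each endpoint from this server.
foreach ($url in ($urls | Sort-Object -Unique)) {
    $uri = $null
    $parsed = [uri]::TryCreate($url, [UriKind]::Absolute, [ref]$uri)
    if (-not $parsed -or -not $uri.Host) {
        # ldap:/// without a host is resolved through the current AD domain.
        "$url -> no host in URL; resolved through Active Directory"
        continue
    }
    $result = Test-NetConnection -ComputerName $uri.Host -Port $uri.Port `
        -WarningAction SilentlyContinue
    "{0} -> {1}:{2} reachable={3}" -f $url, $uri.Host, $uri.Port, $result.TcpTestSucceeded
}
```

A chain status of `RevocationStatusUnknown` or `OfflineRevocation` together with an unreachable URL in step 3 points at a missing CDP host or a blocked outbound port rather than at the certificate itself.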