by jiggawatts
1377 days ago
> Weird SSL errors

Wild stab in the dark: the only things that would kill SSL/TLS on a disk-image based lift & shift where the certificates and associated config move with the VM are:

- An internal Certificate Revocation List (CRL) Distribution Point (CDP) was forgotten about and not moved along with everything else. These are often Enterprise PKI certificate authorities on servers like AD domain controllers. Admins will typically deploy new domain controllers in the cloud, and move everything else. They'll forget the old CAs and maybe even turn them off. This then causes SSL issues after... about a week.
- Another possibility is that they incorrectly moved an outbound access restriction. Again, overzealous network security admins tend to block Internet access on servers and forget about CRLs. It's an especially common issue on "secure" environments where someone decides to block HTTP outbound and only permit HTTPS because it's "secure". However, CRLs (and OCSP) absolutely require HTTP and will never work via HTTPS by design.
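Both causes named in the comment above can be checked from the migrated host itself. The following is an added example, not part of the thread: it lists the CRL and OCSP URLs embedded in certificates and tests whether each HTTP one answers from this machine. It assumes Windows, and uses the `LocalMachine\My` store only as a sample set; the function names are made up for this example.

```powershell
# Added example (not from the thread). Assumes Windows, where Format() renders
# the CDP and AIA extensions as text containing "URL=..." entries.
$ExtensionKinds = @{
    '2.5.29.31'         = 'CRL distribution point'
    '1.3.6.1.5.5.7.1.1' = 'Authority info access (OCSP / CA issuers)'
}

# Hypothetical helper: emit one object per revocation-related URL in a certificate.
function Get-RevocationUrl {
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    foreach ($ext in $Cert.Extensions) {
        $kind = $ExtensionKinds[$ext.Oid.Value]
        if (-not $kind) { continue }
        foreach ($m in [regex]::Matches($ext.Format($true), 'URL=(\S+)')) {
            [pscustomobject]@{ Subject = $Cert.Subject; Kind = $kind; Url = $m.Groups[1].Value }
        }
    }
}

# Hypothetical helper: can this host reach the URL at all?
function Test-RevocationUrl {
    param([Parameter(Mandatory)][string]$Url)
    if ($Url -notmatch '^https?://') { return 'skipped (not HTTP, e.g. ldap://)' }
    try {
        $r = Invoke-WebRequest -Uri $Url -UseBasicParsing -TimeoutSec 10
        return "reachable (HTTP $($r.StatusCode))"
    } catch {
        # An HTTP error status still proves the network path is open;
        # no response at all points to DNS, routing or firewall trouble.
        if ($_.Exception.Response) { return 'reachable (server returned an error status)' }
        return "UNREACHABLE: $($_.Exception.Message)"
    }
}

# Sample set: certificates in the machine's personal store.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Get-RevocationUrl -Cert $_ } |
    Sort-Object Url -Unique |
    ForEach-Object {
        [pscustomobject]@{ Url = $_.Url; Kind = $_.Kind; Result = Test-RevocationUrl -Url $_.Url }
    } | Format-Table -AutoSize -Wrap
```

An `UNREACHABLE` row for an internal CA hostname matches the forgotten-CDP case; one for a public CA's HTTP URL matches the outbound-filtering case. For a full chain and revocation check of a single certificate file, `certutil -verify -urlfetch <certfile>` reports the retrieval status of each URL.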
If these are old systems, it could be this... if they're running .NET apps compiled against framework pre... 4.7? 4.8? TLS ain't gonna work...