unable to get peer cert

Users are suddenly unable to connect to a site they use for taking CC payments. My firebox isn't blocking it, but the connection keeps getting reset. Logs show this:

2020-11-05 11:34:59 pxy 0x10c34470-149770 105: 63.246.243.57:53662 -> 204.87.213.86:443 [B t] {N}: Accept SSL Error [ret 0 | SSL err 0 | errno: Connection reset by peer] Domain: webfeepay.com PFS: ALLOWED | ALLOWED Debug
2020-11-05 11:34:59 https-proxy 0x10c34470-149770 105: 63.246.243.57:53662 -> 204.87.213.86:443 [B t] {N}: unable to get peer cert

Any help? The site is up, and has a valid cert.

Comments

  • edited November 2020

    You could add an HTTPS packet filter to that IP addr or domain name, at least temporarily.

    For the record, what firewall model and XTM version do you have?

  • james.carson Moderator, WatchGuard Representative

    I would also suggest checking the TLS settings in your HTTPS proxy -- make sure PFS is set to allowed.

    Bruce's suggestion could work provided that you know the site's IPs or FQDNs that are being accessed.

    -James Carson
    WatchGuard Customer Support
