IGEL ICG with Wildcard Certificate Error: Could not connect to Secure Gateway – I/O error on GET request…


Any thoughts on first-time setup of ICG with a wildcard certificate? I’m getting the following error: Could not connect to Secure Gateway – I/O error on GET request…


Firewall in the way?


There is a firewall, but we opened 22 and 8443


Weird, it looks like you have a DNS name and an IP address in the string.

Or maybe that is the resolved IP?


It’s the resolved IP of our IGEL ICG Server in our DMZ


Can/should this URL igelcgw.fchn.com:8443 be accessed publicly?


It should be

but I see it isn’t

@member should this work even before I apply the ICG installation, without the 8443?

Could it be something my Linux guy didn’t set up right?


It should not work until it’s applied. The exported keystore from the UMS includes the certificates necessary to set up the Apache web server on the ICG. Until the keystore is applied it won’t work.


Does the ICG installation not import those? @member


It should during installation. Did you do a remote install or a manual installation?


I’m doing a remote install


Understood. So the installation completed without error? Looking at this KB, here: kb.igel.com/igelicg-2.02/en/installing-the-igel-cloud-gateway-31601074.html


The installation completes successfully, but then after I put the host after, it fails

Should I have my UMS server route out and back in and not use a separate IP?

DMZ IP VS external

I’m using the FQDN


That should be ok. What is the host DNS name you’re using?


igelcgw.fchn.com


Gotcha. Are you inputting anything into the external host entry?


I was, but I just tried without

and same result

I see the instructions use an IP and not a host name

maybe I should try that


They do on the internal path. For your clients to be able to reach the ICG, you’d then need an external path tied to the certificate as a DNS name, in this case, igelcgw.fchn.com


OK, I’ll try IP and FQDN for external


Interestingly enough, the port monitor of that host showed the following:


interesting. Looks like my guys dropped the ball


22 is open, 8443 is not, probably related to the yet-to-be-completed setup of the ICG.

But, TBD.


ok thanks for the info

I’ll try some things


If there is a firewall on that Linux box that could explain some things.


I’ll double check with my Linux admin


Sure

Here’s the PowerShell command you can use to test connectivity to that box, just change the port:

Test-NetConnection -InformationLevel detailed -ComputerName igelcgw.fchn.com -Port 22


It’s interesting because I told them to turn off 22 from the outside


Testing in Putty, I can definitely hit SSH to that address. I get a login prompt.

Maybe they flipped it, anyways, we’re here to help, let us know.


thank you for your help!


Sure!


I know I can get it to work ’cause I did it all on my own machines before our production environment, but I have to go through the right channels on the Production 😛


Totally get it.

Lmao, I know see 22 closed down.

now*


lol

Do you think a wildcard cert could affect this?


No, I use one on my ICG from Let’s Encrypt

I see 8443 open now


I’m wondering if I should just do an install without the remote installer

or maybe you know the command to check the firewall port? on the server
