Any thoughts on first time setup of ICG with Wildcard Certificate. I’m getting the following error: Could not connect ot Secure Gateway – I/O error on GET request…
Firewall in the way?
There is a firewall, but we opened 22 and 8443
Weird, it looks like you have a DNS name and an IP address in the string.
Or maybe that is the resolved IP?
its the resolved IP of our IGEL ICG Server in our DMZ
Can/should this URL igelcgw.fchn.com:8443 be accessed publicly?
It should be
but i see it isn’t
@member should this work even before I apply the ICG installation. without the 8443
could it be something my linux guy didn’t setup right
It should not work until it’s applied. They exported keystore from the UMS includes the certificates necessary to setup the Apache web server on the ICG. Until the keystore is applied it won’t work.
Does the ICG installation not import those? @member
It should during installation. Did you do a remote install or a manual installation?
I’m doing a remote install
Understood. So the installation completed without error? Looking at this KB, here: kb.igel.com/igelicg-2.02/en/installing-the-igel-cloud-gateway-31601074.html
The installation completes successfully, but then after I put the host after, it fails
Should I have my UMS server route out and back in and not use a separate IP?
DMZ IP VS external
im using the FQDN
That should be ok. What is the host DNS name you’re using?
igelcgw.fchn.com igelcgw.fchn.com
Gotcha. Are you inputting anything into the external host entry?
I was, but i just tried without
and same result
i see the instructions use an IP and not a host name
maybe i should try that
They do on the internal path. For your clients to be able to reach the ICG, you’d then need an external path tied to the certificate as a DNS name, in this case, igelcgw.fchn.com igelcgw.fchn.com
ok I’ll try IP and fqdn for external
Interestingly enough, the port monitor of that host showed the following:
interesting. Looks like my guys dropped the ball
22 is open, 8443 is not,probably related to the yet to be completed setup of the iCG.
But, TBD.
ok thanks for the info
i’ll try some things
If there is a firewall on that Linux box that could explain some things.
I’ll double check with my linux admin
Sure
Here’s the PowerShell command you can use to test connectivity to that box, just change the port:
Test-NetConnection -InformationLevel detailed -ComputerName igelcgw.fchn.com igelcgw.fchn.com -Port 22
its itneresting because I told them to turn off 22 from the outside
Testing in Putty, I can definitely hit SSH to that address. I get a login prompt.
Maybe they flipped it, anyways, we’re here to help, let us know.
thank you for your help!
Sure!
i know I can get it to work cause I did it all on my own machines before our production environment, but I have to go through the right channels on the Production 😛
Totally get it.
Lmao, I know see 22 closed down.
now*
lol
Do you think a wildcard cert could affect this?
No, I use one on my ICG from Let’s Encrypt
I see 8443 open now
I’m wondering if I should just do an install without the remote installer
or maybe you know the command to check the firewall port? on the server
Continue reading and comment on the thread ‘IGEL ICG with Wildcard Certificate Error: Could not connect ot Secure Gateway – I/O error on GET request…’. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?
Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.Submit a question, or Join Today!