SSL/TLS Handshake through Firewall issues

derekxero
Posts: 11
Joined: 2019/10/07 17:31:35

SSL/TLS Handshake through Firewall issues

Post by derekxero » 2019/10/07 18:58:56

Not sure if this belongs in networking section / what's causing the issue:

I have a CentOS machine acting as a firewall / router, and another machine connected to it. The main firewall / router machine can access the internet (http/https) with no issues. The machine connected to it has its settings / interface configured properly, can ping websites, other networked machines, etc.

The proper ports, services, sources, and firewall rules are configured so that the connected machine(s) should be able to access the internet. When I try to navigate to an unencrypted / http webpage, I get a 403 forbidden error. When I try to navigate to an encrypted / https webpage, I get an unrecognized certificate / issuer error, I select 'Add Exception', and then get an SSL/TLS Handshake Failure.

I can't think of what might be causing the issue. The primary firewall / router machine doesn't have difficulty accessing the internet / websites.

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: SSL/TLS Handshake through Firewall issues

Post by aks » 2019/10/08 17:03:08

> When I try to navigate to an unencrypted / http webpage, I get a 403 forbidden error.

Who is returning this? Is it the router machine? If so that's where the problem is.


> When I try to navigate to an encrypted / https webpage, I get an unrecognized certificate / issuer error,

What certificate do you get? Is it self signed? Is it for a different domain? etc....

> I select 'Add Exception', and then get an SSL/TLS Handshake Failure.

Yeah, don't do that.

Sounds like DNS (your side of the router) ain't working properly and/or you're trying to intercept TLS at the router.
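One way to answer the certificate questions above from the affected client, as an added example that is not part of the original thread. It assumes the `openssl` command-line tool is installed; the function names `fetch_cert` and `describe_cert` are made up for this sketch.

```shell
#!/bin/sh
# Added example: triage the certificate a client is actually being served.
# Assumption: the openssl CLI is available on the client machine.

# Fetch the leaf certificate presented for HOST on port 443, as PEM.
fetch_cert() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 2>/dev/null
}

# Read one PEM certificate on stdin; $1 is the hostname the browser asked for.
# Line 1 of the output is a verdict, followed by subject and issuer.
# Runs in a subshell "( ... )" so its variables stay local.
describe_cert() (
    host=$1
    pem=$(cat)
    subject=$(printf '%s\n' "$pem" |
        openssl x509 -noout -subject -nameopt RFC2253 2>/dev/null |
        sed 's/^subject= *//')
    issuer=$(printf '%s\n' "$pem" |
        openssl x509 -noout -issuer -nameopt RFC2253 2>/dev/null |
        sed 's/^issuer= *//')
    if [ -z "$subject" ]; then
        echo "unparseable"          # no certificate came back at all
        exit 1
    fi
    # Subject equal to issuer means the certificate is self-issued, which is
    # what a router or proxy generating its own certificate usually presents.
    if [ "$subject" = "$issuer" ]; then
        verdict="self-signed"
    else
        verdict="issued-by-other"
    fi
    # Does the certificate cover the name that was requested?
    if printf '%s\n' "$pem" | openssl x509 -noout -checkhost "$host" 2>/dev/null |
        grep -q 'does match'; then
        verdict="$verdict name-ok"
    else
        verdict="$verdict name-mismatch"
    fi
    echo "$verdict"
    echo "subject: $subject"
    echo "issuer:  $issuer"
)

# Usage: sh certcheck.sh www.example.org   (does nothing without an argument)
if [ "$#" -ge 1 ]; then
    fetch_cert "$1" | describe_cert "$1"
fi
```

A subject or issuer naming the router or a proxy, rather than the site and a public CA, means the connection is being terminated on the firewall machine and not at the website.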

dunch
Posts: 66
Joined: 2018/11/07 13:48:53
Location: Yorkshire

Re: SSL/TLS Handshake through Firewall issues

Post by dunch » 2019/10/09 07:34:49

Does your firewall/router machine have a proxy server running? Are you trying to access the web through this proxy?
