PowerFlex: Gateway high availability connection not trusted
Summary: Gateways configured for high availability using HAProxy and Keepalive, with a virtual IP address (VIP) HAProxy certificate's Common Name (CN) differs from the address used to access the Gateway. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
HTTP clients, curl, browser, etc., report that the connection to the Gateway is not secure.
Connection to the Gateway cannot be trusted by clients.
Connection to the Gateway cannot be trusted by clients.
Cause
Clients access the Gateways using the VIP's FQDN or VIP.
Clients are presented with the HAProxy's certificate, which contains a different CN.
As the certificate's CN and the address used to access the Gateway differ, clients cannot verify the certificate's authenticity.
Clients are presented with the HAProxy's certificate, which contains a different CN.
As the certificate's CN and the address used to access the Gateway differ, clients cannot verify the certificate's authenticity.
Resolution
This is NOT a PowerFlex issue.
Workaround:
Reissue HAProxy's certificate using the FQDN or IP address used to access the gateway (VIP's FQDN or VIP).
Access the Gateway using the VIP's FQDN or VIP.
Workaround:
Reissue HAProxy's certificate using the FQDN or IP address used to access the gateway (VIP's FQDN or VIP).
Access the Gateway using the VIP's FQDN or VIP.
Affected Products
PowerFlex Software, VxFlex Product Family, VxFlex Ready Node, ScaleIO Ready Node-PowerEdge 13G, Ready Node SeriesArticle Properties
Article Number: 000182613
Article Type: Solution
Last Modified: 11 Nov 2025
Version: 5
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.