Avaya SBCE: nginx service will not start, reverse proxy fails, or no PPM for remote workers
SOLN306981 | Version: 11.0 | Published: 03/24/2017 | Updated: 04/16/2020
Available To: Customer
Categories: Avaya Session Border Controller for Enterprise, Break/Fix
Details

  Reverse proxy is not working for Remote Worker. netstat -ant | grep 443, netstat -ant | grep 7777 and netstat -ant | grep 8443 show that the reverse proxy is not listening on these ports.

 ASBCE

 

The issue is that if you update a TLS server/client profile, the changes are not pushed to the ssl.conf file on NGINX until you unassign and reassign that profile to the reverse proxy.

For example, say that in the reverse proxy you have a service called PPM; under LISTENTLSPROFILE you have a profile called tlsSERVER, and under the server you have one called tlsCLIENT.

Then you go into the TLS management and change the CA that is in use in that server/client profile.

Those changes are not propagated to proxy_ssl_trusted_certificate in /usr/local/nginx/conf/PPM/PPMssl.conf; this is probably true for other values as well.

So the GUI may say you are using a particular CA, but until you remove the profile from the reverse proxy and re-add it, the newly chosen CA is not updated.

 

 

Problem Clarification

 

When trying to start the nginx server on SBCE:

 /usr/local/nginx/bin/nginx -s reload
 nginx: [emerg] SSL_CTX_load_verify_locations("/usr/local/ipcs/cert/ca/DigiCertSHA2SecureServerCA.crt ,DigiCertGlobalRootCA.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/usr/local/ipcs/cert/ca/DigiCertSHA2SecureServerCA.crt,DigiCertGloba lRootCA.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib)

 In the above example there are multiple certs; one is probably just an empty file 'r' that happens to be in that directory.
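
A check that can be run against a per-service ssl conf such as /usr/local/nginx/conf/PPM/PPMssl.conf before reloading nginx, given here as an added example and not as Avaya tooling: it reports CA directives whose value is not one readable, non-empty file, which is the condition behind the [emerg] error above. The function name check_ca_paths and the demo files are constructed for illustration; besides proxy_ssl_trusted_certificate it also checks the standard nginx directives ssl_trusted_certificate and ssl_client_certificate.

```shell
#!/bin/sh
# Added example (not Avaya code): verify that CA directives in an nginx
# ssl conf each point at exactly one readable, non-empty file.

# check_ca_paths CONF
# Prints one OK/BAD line per CA directive; returns the number of BAD ones.
check_ca_paths() {
    conf=$1
    bad=0
    # Emit "directive|value" for each CA directive; value is trimmed and
    # runs up to the terminating ';'.
    pairs=$(sed -nE 's/^[[:space:]]*(proxy_ssl_trusted_certificate|ssl_trusted_certificate|ssl_client_certificate)[[:space:]]+([^;]*[^;[:space:]])[[:space:]]*;.*$/\1|\2/p' "$conf")
    while IFS='|' read -r name value; do
        [ -n "$name" ] || continue
        case $value in
            *,*|*' '*)
                # nginx passes the whole string to fopen() as one file name
                echo "BAD  $name: '$value' is not a single path"
                bad=$((bad + 1)) ;;
            *)
                if [ -r "$value" ] && [ -s "$value" ]; then
                    echo "OK   $name: $value"
                else
                    echo "BAD  $name: $value is missing, unreadable or empty"
                    bad=$((bad + 1))
                fi ;;
        esac
    done <<EOF
$pairs
EOF
    return "$bad"
}

# Demo on constructed files in a temporary directory (not real SBCE data).
demo=$(mktemp -d)
printf 'constructed CA placeholder\n' > "$demo/rootCA.crt"
cat > "$demo/PPMssl.conf" <<EOF
    proxy_ssl_trusted_certificate $demo/intermediateCA.crt,rootCA.crt;
    ssl_client_certificate $demo/rootCA.crt;
EOF
check_ca_paths "$demo/PPMssl.conf" || echo "$? directive(s) cannot be loaded"
rm -rf "$demo"
```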

 

A Wireshark-type trace might show TCP resets. When looking at outside and inside traffic, the RST will come from the outside interface, because nginx being down means traffic cannot be propagated to the inside interface.

 

Solution