Bad Gateway - The proxy server received an invalid response from an upstream server

  • 7009447
  • 29-Sep-2011
  • 26-Apr-2012


Novell Access Management 3.1
Novell Access Management 3.1 Support Pack 3 IR2 applied.
Novell Access Manager 3.1 Linux Access Gateway Service


The Linux Access Gateway Service had secure communication between the proxy and the back-end webserver.
The Web Server Trusted Root setting was set to Any in Reverse Proxy Truststore.
The trustchain of the presented certificate of the back-end webserver had more then 1 certificate.
The /var/log/novell-apache2/error_log showed the following error message:
Verification: Certificate Chain too long (chain has 2 certificates, but maximum allowed are only 1


Add the SSLProxyVerifyDepth 5 to the advanced options under the Access Gateway Service Server Configuration page.

See example below on how this should look like:
#NAGGlobalOptions FlushUserCache=on
#NAGGlobalOptions DebugHeaders=on
#NAGGlobalOptions DebugFormFill=on
#NAGGlobalOptions NoURLNormalize=on
#NAGGlobalOptions AppendProviderID=on
#NAGAdditionalRewriterScheme webcal://
SSLProxyVerifyDepth 5

Reported to engineering and in future release the default of 1 will be changed to a higher value.