From a browser
Attempt to reach https://api.duosecurity.com/auth/v2/ping via a web browser on the same network as your server. Successful access will result in a web page displaying a JSON response code. Example:
"response": {"time": 1445354727}, "stat": "OK"}
This indicates that port 443 is open, which is necessary for communication to our cloud service. Note: This browser test is specific to the device you're testing from and may not have the same egress point as a firewall or other device you're attempting to integrate with Duo.
- If you are able to access the URL above, check the certificate used to access that site by clicking on the icon beside "https://"" in your browser bar. The certificate should be issued by *.duosecurity.com. If it is issued by some other site, then there is likely an SSL proxy. In that case, make an exception in the SSL proxy for *.duosecurity.com
- If you are not able to access the URL above, or do not receive a JSON response code similar to the example, there may be a firewall rule in place preventing communication.
- If you receive an error message when accessing the page via Internet Explorer, you need to download and install the following certificates from https://www.digicert.com/digicert-root-certificates.htm in the local certificate store for all users (Note: This most commonly affects Windows Server 2008 R2 or earlier, but it is possible that later server versions may also lack the proper certificates):
- DigiCert High Assurance EV Root CA
- DigiCert SHA2 High Assurance Server CA
Via Telnet
This approach will provide accurate information regardless of network configuration.
From a command line, run:
telnet <IP address/API-hostname> 443
Successful connection is usually determined by a message such as "Connected to api.duosecurity.com," but may vary depending on the method used to establish the telnet connection. If the connection is not successful, there may be a firewall rule in place preventing communication.
Via PowerShell
This method is useful as it will also provide accurate information regardless of network configuration.
From a PowerShell Command line, run:
Invoke-WebRequest -Uri
https://api.duosecurity.com/auth/v2/ping
Note: If you have TLS 1.0 disabled, run the following command before the command above:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
A successful response should look similar to the Content section below highlighted with italics:
StatusCode : 200 StatusDescription : OK Content : {"response": {"time": 1481915427}, "stat": "OK"} RawContent : HTTP/1.1 200 OK Connection: keep-alive Pragma: no-cache Strict-Transport-Security: max-age=31536000 Content-Security-Policy: default-src 'self'; img-src 'self' ; connect... Forms : {} Headers : {[Connection, keep-alive], [Pragma, no-cache], [Strict-Transport-Security, max-age=31536000], [Content-Security-Policy, default-src 'self'; img-src 'self' ; connect-src 'self']...} Images : {} InputFields : {} Links : {} ParsedHtml : System.__ComObject RawContentLength : 48
If you are running Powershell 2.0 on Server 2008R2, you may experience an issue trying to run invoke-webrequest due to the command not being found. This commandlet was not introduced until Powershell 3.0. You can install it on Powershell 2.0 from the following Microsoft page:
https://www.microsoft.com/en-gb/download/details.aspx?id=40855
来源:CSDN
作者:weixin_39833509
链接:https://blog.csdn.net/weixin_39833509/article/details/103595174