Comment 1 for bug 1966669

I've reproduced this in the lab - this only impacts deployments where TLS is enabled.

When TLS is enabled Apache2 is used to terminate the secure connection and then proxy the connection to the radosgw process - something in this data pipeline is causing the client provided signature to mismatch with the server calculated signature and authentication fails as a result.

Bypassing Apache2 and terminating the secure connection on haproxy works around the issue but does change the security profile of the deployment.