I've reproduced this in the lab - this only impacts deployments where TLS is enabled.
When TLS is enabled Apache2 is used to terminate the secure connection and then proxy the connection to the radosgw process - something in this data pipeline is causing the client provided signature to mismatch with the server calculated signature and authentication fails as a result.
Bypassing Apache2 and terminating the secure connection on haproxy works around the issue but does change the security profile of the deployment.
I've reproduced this in the lab - this only impacts deployments where TLS is enabled.
When TLS is enabled Apache2 is used to terminate the secure connection and then proxy the connection to the radosgw process - something in this data pipeline is causing the client provided signature to mismatch with the server calculated signature and authentication fails as a result.
Bypassing Apache2 and terminating the secure connection on haproxy works around the issue but does change the security profile of the deployment.