Forum Discussion
Mike_Maher
Nimbostratus
Nimbostratus2-Way SSL issue on v11.1
I have box that I upgraded from v10.2.0 HF 2 to v11.1 HF 2, and now all the applications that have server side 2 way ssl are not working. I have a case open with support to look into this, but I thou...
nitass
Employee
Employeemine is 11.1.0. i do not configure trusted certificate authorities in serverssl profile since i think it might not be relevant.
root@ve1110(Active)(/Common)(tmos) show sys version
Sys::Version
Main Package
Product BIG-IP
Version 11.1.0
Build 1943.0
Edition Final
Date Sun Nov 20 18:27:50 PST 2011
root@ve1110(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
destination 172.28.19.252:443
ip-protocol tcp
mask 255.255.255.255
pool foo
profiles {
clientssl {
context clientside
}
myserverssl {
context serverside
}
tcp { }
}
snat automap
vlans-disabled
}
root@ve1110(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
members {
172.28.19.79:443 {
address 172.28.19.79
}
}
min-active-members 1
}
root@ve1110(Active)(/Common)(tmos) list ltm profile server-ssl myserverssl
ltm profile server-ssl myserverssl {
app-service none
cert client.crt
defaults-from serverssl
key client.key
}
accessing pool member directly
[root@ve1110:Active] config curl -Ik https://172.28.19.79
curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
[root@ve1110:Active] config curl -Ik https://172.28.19.79 --cert /var/tmp/client.crt --key /var/tmp/client.key
HTTP/1.1 200 OK
Date: Sat, 14 Apr 2012 07:40:21 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Content-Type: text/html; charset=UTF-8
accessing virtual server
[root@ve1110:Active] config curl -Ik https://172.28.19.252
HTTP/1.1 200 OK
Date: Sat, 14 Apr 2012 07:40:37 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Content-Type: text/html; charset=UTF-8