

dipta_03_149731
Feb 11, 2016

Browser is throwing cert mismatch error in spite of having SSL offload on F5.

Below is the virtual server configuration. The VIP listens on port 443 and has an SSL profile associated. Pool members are on port 80. Will the browser throw a certificate mismatch error?

 

ltm virtual sbweb-dr.xyz.com-443 {
    destination 10.x.x.x.:https
    ip-protocol tcp
    mask 255.255.255.255
    partition Securebase
    pool sbweb-dr.xyz.com-80
    profiles {
        /Common/http { }
        /Common/tcp { }
        sbweb.xyz.com {
            context clientside
        }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 16
}

 

4 Replies

  • The browser is going to throw a cert mismatch error if the X.509 subject (or subject Alt Name) of the server certificate defined in the client SSL profile does not match the host name requested by the client. If you can ignore the error in the browser, look at the properties of the certificate that it received from the BIG-IP. The certificate subject value should be the same as in the browser URL.

     

  • Yes Kevin,

     

    The certificate we are using for this site has a different common name.

     

    Cert Common Name: sbweb.xyz.com
    Browser URL: sbweb-dr.xyz.com

     

    !!!!!!

     

  • Either use the same common name for the certificate and the actual access, or use a wildcard certificate in the F5 SSL profile (*.xyz.com).

     

    -Jinshu
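Added example, not part of the original thread: the name comparison the replies describe, applied to the thread's two host names and to the suggested wildcard. The certificates are constructed samples in the dict shape Python's `ssl.SSLSocket.getpeercert()` returns; the function names are hypothetical, and the matching assumes RFC 6125-style rules (a wildcard covers exactly one left-most label).

```python
def _name_matches(pattern, host):
    """Compare one certificate name against the host the client requested."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Need at least two fixed labels so that "*.com" cannot match.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_names(cert):
    """Names to compare: SAN dNSName entries, else the subject CN (legacy fallback)."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]


def check_host(cert, host):
    """Return (ok, names): whether any certificate name covers the host."""
    names = cert_names(cert)
    return any(_name_matches(n, host) for n in names), names


# Constructed sample certificates (not real ones from the thread).
CERT_SINGLE = {"subject": ((("commonName", "sbweb.xyz.com"),),),
               "subjectAltName": (("DNS", "sbweb.xyz.com"),)}
CERT_WILDCARD = {"subject": ((("commonName", "*.xyz.com"),),),
                 "subjectAltName": (("DNS", "*.xyz.com"),)}
CERT_CN_ONLY = {"subject": ((("commonName", "sbweb.xyz.com"),),)}

if __name__ == "__main__":
    for label, cert in (("single-name", CERT_SINGLE), ("wildcard", CERT_WILDCARD)):
        for host in ("sbweb.xyz.com", "sbweb-dr.xyz.com", "a.b.xyz.com"):
            ok, names = check_host(cert, host)
            print(f"{label:12} {host:18} {'match' if ok else 'MISMATCH'} {names}")
```

Current browsers compare only the subjectAltName entries, so a replacement certificate should list every served host name (or the wildcard) there rather than relying on the common name.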