Certificate error message in BIG-IP LTM
When the client opens the webpage https://xray.csintra.net/x-ray/supervisor/, he gets a certificate error message with a further option to click on "continue anyway".
Please guide me on how to get rid of this error.
- Snl (Cirrostratus)
Make sure your certificate contains the Common Name xray.csintra.net, or use a wildcard certificate such as *.csintra.com matching in your certificate, so that you can get rid of the certificate error.
Cheers, Snl
Hi Samit,
When the client goes to https://xray.csintra.net/x-ray/supervisor/ in his browser, the browser checks the certificate. If the certificate has an issue, you would get that error page. You need to look at multiple factors here.
- Is the certificate expired?
- Is the common name put in correctly?
- Does it require xray.csintra.net added as a SAN name, as the CN is different?
etc., etc.
Find the VIP of this setup. Go to the LTM. Find the corresponding client-ssl. Check the certificate of that. Renew/update the certificate accordingly.
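The checks listed in the reply above (expiry, CN, SAN), as an added example that is not part of the original thread: it evaluates a certificate, given as a dict in the shape Python's `ssl.SSLSocket.getpeercert()` returns, against the hostname the client typed. The sample certificates and the `device.example` name are constructed for illustration.

```python
import ssl
import time

def matches(pattern, host):
    """A '*' may only stand in for the entire left-most DNS label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def cert_problems(cert, host, now=None):
    """cert is a dict shaped like ssl.SSLSocket.getpeercert(); returns findings."""
    now = time.time() if now is None else now
    problems = []
    if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
        problems.append("expired")
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        # When a SAN extension is present, the CN is not consulted at all.
        if not any(matches(s, host) for s in sans):
            problems.append("hostname not in SAN")
    elif any(matches(c, host) for c in cns):
        problems.append("CN matches but no SAN (current browsers ignore CN)")
    else:
        problems.append("hostname matches neither CN nor SAN")
    return problems

# Constructed sample data, not taken from the thread's actual certificates.
HOST = "xray.csintra.net"
NOW = ssl.cert_time_to_seconds("Jan 15 00:00:00 2024 GMT")

def make_cert(cn, sans, not_after):
    return {"subject": ((("commonName", cn),),),
            "subjectAltName": tuple(("DNS", s) for s in sans),
            "notAfter": not_after}

SAMPLES = {
    "exact SAN": make_cert(HOST, [HOST], "Jun 10 12:00:00 2025 GMT"),
    "wildcard SAN": make_cert("*.csintra.net", ["*.csintra.net"], "Jun 10 12:00:00 2025 GMT"),
    "CN only": make_cert(HOST, [], "Jun 10 12:00:00 2025 GMT"),
    "device default (hypothetical CN)": make_cert("device.example", [], "Jun 10 12:00:00 2023 GMT"),
}

if __name__ == "__main__":
    for name, cert in SAMPLES.items():
        print(f"{name}: {cert_problems(cert, HOST, NOW) or 'OK'}")
```

Against a live VIP, `getpeercert()` only returns this dict on a verified connection; a certificate that fails verification raises `ssl.SSLCertVerificationError` during the handshake instead.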
- Samir_Jha_52506 (Noctilucent)
@Samit, I guess your LB F5 VIP URL & backend server host name don't match as per the SSL cert. That is the reason you are getting the SSL error. Please check that part.
- Samit_jadhav (Altostratus)
Hi Rock, the web URL opens via F5 only when the option "continue anyway" is clicked. But this shouldn't happen. The URL should open directly.
- Samir_Jha_52506 (Noctilucent)
Can you please open the F5 VIP IP via the Mozilla browser, click Advanced, Add Exception and View Certificate? Looks like you have selected the default F5 cert.
Example:
https://1.1.1.1
- Samir_Jha_52506 (Noctilucent)
Can you please paste the VIP configuration details?
- Al_150955 (Nimbostratus)
Hi,
You can also do a workaround and configure the virtual server type as Forwarding and not Standard.
Is the backend server on HTTPS?
- Samit_jadhav (Altostratus)
Yes, the backend server is on HTTPS. I've tried with forwarding but it didn't work.
- Al_150955 (Nimbostratus)
Could you post the vs configuration?
- PPawar_309940 (Nimbostratus)
I hope you are creating the correct SSL client profile by importing the correct key and certs, and key (with password) if any.
Once that is done, you need to append the profile to the VIP listening on 443.
This is the only thing you need when you offload SSL to F5.
Thanks, Pankaj