Jimmy_L
Jan 20, 2020

Certificate from Server SSL Profile Presented to Client

I know this makes no sense, but it appears that the certificate referenced in the server SSL profile on a VIP was presented to the client (my local web browser) instead of the certificate referenced in the client SSL profile. We are not doing client cert authentication; the server SSL profile only has a cert associated with it because it was thought it was needed by others who set it up, but most of our VIPs use the same server SSL profile and it doesn't seem to hurt anything.

We failed our prod traffic back to the Netscaler load balancer from which it had just been migrated, using the same IP as the F5 VIP, which I changed back to a test IP. I am now unable to reproduce the behavior on that test IP on the F5, either browsing by IP or with a local hosts file pointing the name to that IP. But I still have my old browser connection open that shows a certificate that matches the one on the server SSL profile, and it is distinct from the one on the client SSL profile or the one that the web server presents.

My best guess is either my browser had this cert cached somehow, although I don't know how it would have ever seen it, or a weird F5 bug.

Any ideas?

Thanks in advance. Unless no one answers, then you can all go pet a cat! Just kidding, thanks for reading.

  • I lean towards your theory that there is a cached cert somewhere. Clear your browser cache and SSL cache and see what happens. If it is a bug you should be able to recreate it.
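
One way to try recreating the behavior without a browser cache in the picture, as an added example that is not part of the original thread: do fresh TLS handshakes against the VIP and tally which known certificate is presented each time. The function names, labels, the address `192.0.2.10` and the name `www.example.test` are hypothetical; the fingerprints in `known` would come from the certificates on the client SSL profile, the server SSL profile and the web server.

```python
import hashlib
import socket
import ssl

def fingerprint(der):
    """SHA-256 of the DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def normalize(fp):
    """Accept 'AA:BB:...' as printed by openssl/browsers, or plain hex."""
    return fp.replace(":", "").replace(" ", "").lower()

def fetch_leaf_der(ip, sni, port=443, timeout=5.0):
    """Full handshake to ip:port with the given SNI name; return the presented leaf.
    Verification is off so an unexpected certificate is captured, not rejected."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return tls.getpeercert(binary_form=True)

def classify(der, known):
    """Map a presented certificate to the label of the matching known fingerprint."""
    fp = fingerprint(der)
    for label, expected in known.items():
        if normalize(expected) == fp:
            return label
    return "unknown:" + fp

def survey(ip, sni, known, attempts=20, fetch=fetch_leaf_der):
    """Handshake repeatedly and tally which certificate came back each time."""
    tally = {}
    for _ in range(attempts):
        try:
            label = classify(fetch(ip, sni), known)
        except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
            label = "error:" + type(exc).__name__
        tally[label] = tally.get(label, 0) + 1
    return tally

if __name__ == "__main__":
    # Constructed stand-ins for DER bytes so the demo runs offline; in real use,
    # drop fetch= and fill `known` with fingerprints of the actual certificates.
    client_der, server_der = b"constructed-client-cert", b"constructed-server-cert"
    known = {"client_ssl_profile": fingerprint(client_der).upper(),
             "server_ssl_profile": fingerprint(server_der)}
    replies = iter([client_der, client_der, server_der])
    print(survey("192.0.2.10", "www.example.test", known, attempts=3,
                 fetch=lambda ip, sni: next(replies)))
```

Any count under `server_ssl_profile` or `unknown:` from a run against the real VIP means the listener itself presented that certificate, since each handshake here uses a new context with no browser state.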