F5 will not do Load balancing "only" for SSL connections!
Windows IIS7 server, has UCC SAN Certificate, and has the proper bindings modified via cscript for "hostname." The local host name does not match the UCC SAN certificate, forcing me to use "cscript."
If you go directly to the server, the SSL certificate works perfectly (green lock on Chrome!). If I change DNS to point to the F5, the results are either "no connection" or invalid certificate.
I want the F5 to ONLY load balance, not off-load the SSL.
If I simply use "none" for both client and server SSL profiles, https never connects to the node. If I add client-only SSL, I connect, but my certificate fails to be approved.
- keshav_163381 (Nimbostratus)
Can you please F5 virtual configuration without SSL profile?
- brian-memeo_235 (Nimbostratus)
Oh, hell. I know why that will never work. Load balancing won't have any idea as to which host the next reply packet belongs to, unless it authenticates the session and sets up the connection.
However, does anyone have a working F5 up front, with Windows IIS behind it? Please fill me in as to how you have it configured to support SSL certificates. (Other than reinstall with Unix and walk away.)
2 things I can think of that would cause this.
Firstly are the health checks returning that the backend is ok?
Secondly, do the backend servers have a route to the clients that goes through the F5 or do they go direct? If they go direct you need to enable SNAT (automap should work fine) in order for the traffic to flow correctly.
Regards,
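
An added example, not part of any post in this thread: a Python check that fetches the certificate served through the F5 virtual server and directly from the IIS node and compares them, which separates pass-through from termination on the F5 and from the no-connection case the last reply ties to health checks or return routing. The addresses and hostname are placeholders, and it assumes every pool member serves the same certificate.

```python
import hashlib
import socket
import ssl


def fetch_leaf_der(addr, port=443, sni=None, timeout=5.0):
    """Return the DER leaf certificate served at addr:port, or None if no TLS session forms."""
    ctx = ssl.create_default_context()
    # Diagnostic fetch only: the goal is to see which certificate is served,
    # not to trust it, so validation is switched off for this one connection.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((addr, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=sni) as tls:
                return tls.getpeercert(binary_form=True)
    except OSError:  # covers refused, timed-out and failed-handshake connections
        return None


def fingerprint(der):
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def diagnose(vip_der, node_der):
    """Classify the virtual server's behaviour from the two certificates."""
    if node_der is None:
        return "node-unreachable"   # fix the server or its binding first
    if vip_der is None:
        return "vip-no-tls"         # check pool health monitor and return path (SNAT)
    if fingerprint(vip_der) == fingerprint(node_der):
        return "passthrough"        # TLS reaches IIS untouched; the client sees the IIS cert
    return "terminated-on-f5"       # a client SSL profile is presenting a different cert


def check(vip_addr, node_addr, hostname, port=443):
    """Fetch both certificates using the same SNI hostname and classify the result."""
    return diagnose(fetch_leaf_der(vip_addr, port, hostname),
                    fetch_leaf_der(node_addr, port, hostname))


if __name__ == "__main__":
    # Placeholder addresses (documentation ranges) and hostname; substitute your own.
    print(check("203.0.113.10", "192.0.2.21", "www.example.com"))
```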