Forum Discussion
CirrusHealth Monitor issue
CirrusHello,
As the only thing that change with your monitor is the client authentication certificate, my advice is to focus on the SSL Layer, both on your side and on the server side, but mainly focus on the certificate authentication configuration of the server. If the new certificate is issued by a new AC, it could be important to check if the server is trusting it.
Regarding your test, all of them have some miss :
1\ Telnet can only be used to test plain text http, not https so the reset is expected if the server is expecting ssl.
2\ The http 400 is probably here because the request in not well formed. Anyhow, you do not replicate the bigip monitor because there is no client certificate in your request,
3\ Same as below, but the payload seems fine. Anyhow, you do not replicate the bigip monitor because there is no client certificate in your request,
For curl, the synthax to used a client cert is :
$ curl --cert client.crt --key client.key --cacert ca.crt
Cheers,
Sam
Manu_NairHi Samco,
Thanks for the reply!!. The certificate CA is the same and all the Cert Parameters is also the same. But not sure why it did not work which we are investigating.
I Understood , that telnet will not work due to https but do we need to specifically mention the certificate and key for the other two methods.??. Cos i am getting http 400 series error, which means SSL is passed right and i assume something else causing this.
- SamCo
Yes, the HTTP 400 and 403 response mean you managed to established the SSL/TLS connection. But it does not mean the certificate check is ok for the server, it could establish the connection then inspect the certificate (IIS can make this from my experience).
Anyhow, if your health monitor need the client certificate to work, it mean you need it to replicate it with curl.
good luck,
Cheers,
Sam
- Manu_Nair
Thanks. I will replicate this with curl and see whats the outcome.
