Forum Discussion
pgsmith_120398
Altostratus
Altostratushttps monitor with un-trusted certificate
I'm working with an application that doesn't support importing a new SSL certificate. I would like to monitor the application using an https montior like:
SEND:"GET /application/api/status\r\n"
RECEIVE:"REGISTERED"
However when i configure the monitor it does not work. When running a CURL on that URL from an SSH session to the LTM instance i get a certificate warning because its not trusted. I believe this is causing the monitor to fail. Is there a way to tell the monitor to ignore certificate warnings when executing the SEND?
pgsmith_120398thanks everyone, i figured it out. I assumed it was the untrusted SSL certificate that was the issue but it was how the SEND string was formatted. I ended up using:
GET /application/api/status HTTP/1.1\r\nHost: LB-FQDN\r\nConnection: close\r\n\r\n
and that resolved it. Thanks for your help.
Try adding -k while running curl to allow insecure connections and verify REGISTERED is returned.
- pgsmith_120398
Yes, if I add the -k switch to CURL I see what I expect in my RECEIVE field.
shaggyNimbostratus
f5 server-side SSL generally don't care about the server certificate as long as there is one. it could be a cipher compatibility issue, or your SEND string could be off. Did you test the GET in curl using a server-IP or the hostname?
Try adding another \r\n to terminate get request; might be your server requires HTTP 1.0 compliant requests.
ie: SEND:"GET /application/api/status\r\n\r\n"
- shaggy
This is a handy solution article for building HTTP requests for monitors - https://support.f5.com/kb/en-us/solutions/public/2000/100/sol2167.html
