Forum Discussion

Kannan_106873's avatar
Kannan_106873
Icon for Nimbostratus rankNimbostratus
Aug 30, 2012

HTTPS to HTTPS not working

Hi All,

 

 

I am getting cert error while redirecting from HTTPS to HTTPS, Find below detailed explanation

 

 

HTTP to HTTPS working fine:-

 

 

http://testcare.example.com/ to https://testcare.example.com/analytics/saw.dll?bieehome&startPage=1

 

 

HTTPS to HTTPS not working:-

 

 

We would like to redirect,

 

 

https://testcare.example.com/ to https://testcare.example.com/analytics/saw.dll?bieehome&startPage=1

 

 

Irule For HTTP to HTTPS:-

 

 

when HTTP_REQUEST {

 

 

if {[HTTP::uri] eq "/"}{

 

HTTP::redirect "https://testcare.example.com/analytics/saw.dll?bieehome&startPage=1"

 

}

 

}

 

 

Using the same certificate for both scenario( HTTP to HTTPS & HTTPS to HTTPS) but getting certi error only during HTTPS to HTTPS redirection. It would be great if someone can guide me on how to proceed on this issue.
  • Request and Response Header:-

     

     

    https://testcare.example.com/

     

     

    GET https://testcare.example.com/ HTTP/1.1

     

    Host: testcare.example.com

     

    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20100101 Firefox/14.0.1

     

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

     

    Accept-Language: en-us,en;q=0.5

     

    Accept-Encoding: gzip, deflate

     

    Connection: keep-alive

     

     

    HTTP/1.0 302 Found

     

    Location: https://testcare.example.com/analytics/saw.dll?bieehome&startPage=1

     

    Server: BigIP

     

    Connection: Keep-Alive

     

    Content-Length: 0

     

    ----------------------------------------------------------

     

    https://testcare.example.com/analytics/saw.dll?bieehome&startPage=1

     

     

    GET https://testcare.example.com/analytics/saw.dll?bieehome&startPage=1 HTTP/1.1

     

    Host: testcare.example.com

     

    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20100101 Firefox/14.0.1

     

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

     

    Accept-Language: en-us,en;q=0.5

     

    Accept-Encoding: gzip, deflate

     

    Connection: keep-alive

     

     

    HTTP/0.9 200 OK

     

    ----------------------------------------------------------
  • Hi Kannan,

    Could you try this and see if you get the same behavior?

    
    when HTTP_REQUEST {
    if { [HTTP::uri] eq "/" } {
    HTTP::redirect "/analytics/saw.dll?bieehome&startPage=1"
    }
    }
    
  • Hi Michael,

     

     

    I tried your suggestion, but still not working. Find attached screenshot for your reference.

     

     

  • did you get certificate warning when accessing https directly i.e. https://testcare.example.com/analytics/saw.dll?bieehome&startPage=1?
  • Hi Nitass,

     

     

    I am getting any cert error while accessing https://testcare.example.com/analytics/saw.dll?bieehome&startPage=1.
  • Hi Nitass,

     

     

    I am NOT getting any cert error while accessing https://testcare.example.com/analytics/saw.dll?bieehome&startPage=1.
  • it seems working fine to me i.e. not getting certificate warning when redirection. i created self-signed certificate and imported it into browser.

    [root@ve10:Active] config  b virtual bar list
    virtual bar {
       snat automap
       pool foo
       destination 172.28.19.79:443
       ip protocol 6
       rules myrule
       profiles {
          http {}
          myclientssl {
             clientside
          }
          tcp {}
       }
    }
    
    [root@ve10:Active] config  b profile myclientssl list
    profile clientssl myclientssl {
       defaults from clientssl
       key "testcare.example.com.key"
       cert "testcare.example.com.crt"
    }
    [root@ve10:Active] config  cat /config/ssl/ssl.crt/testcare.example.com.crt
    -----BEGIN CERTIFICATE-----
    MIIBzDCCATWgAwIBAgIBADANBgkqhkiG9w0BAQUFADAsMQswCQYDVQQGEwJVUzEd
    MBsGA1UEAxMUdGVzdGNhcmUuZXhhbXBsZS5jb20wHhcNMTIwOTAzMDUyOTAwWhcN
    MTMwOTAzMDUyOTAwWjAsMQswCQYDVQQGEwJVUzEdMBsGA1UEAxMUdGVzdGNhcmUu
    ZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMeeJ4fRePxY
    1kyvs23txJbjJGVH6wdsE9JbXXnF6NmEXZhdyfbWbaVySijzk8swJbQ831vmBp+p
    vV3OS89iyMWj1zS6nYFUC0A5CLuMPcbV79HzHv6Jc8UMLPYgA7Y4mPOfjDkiyUJK
    iRQeUqxJx5Z4P2HTkHkNR6ESNZlcE5HjAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEA
    gLq4EGgS0dvkxtO+C5gNjK8V41XPkgmFQpR2q0goU1XW5o3LUkKnN6lpitVHTvyi
    lC5MexquHTCO6CoujuzbRyAaNrjPcJluH/20Lz0Rb7wozSIOCXuOVtSB7QSJl8+o
    9AufW3HTMMm2nAyc2E0G/NuJjBP+IO3j/sfHKqNqLOQ=
    -----END CERTIFICATE-----
    [root@ve10:Active] config  cat /config/ssl/ssl.key/testcare.example.com.key
    -----BEGIN RSA PRIVATE KEY-----
    MIICXAIBAAKBgQDHnieH0Xj8WNZMr7Nt7cSW4yRlR+sHbBPSW115xejZhF2YXcn2
    1m2lckoo85PLMCW0PN9b5gafqb1dzkvPYsjFo9c0up2BVAtAOQi7jD3G1e/R8x7+
    iXPFDCz2IAO2OJjzn4w5IslCSokUHlKsSceWeD9h05B5DUehEjWZXBOR4wIDAQAB
    AoGAT47xImiSV8DwaE/+q2mAWMLe1p77RVIF9GkFsGr4ivj+dKOswvxjZvVOKVQr
    K2hdHqDERNRA/5GfL6vw+w7cBXU3sVWND3CGXx3LfNvw1PjFD0lkNFqlt1wQHVYd
    YUOTxPqsvemEq8/fWJdJLKUmXn72zzgUpfe0R7E/+74aKwECQQDlqoqtofUJrWAr
    yis6ATrTWFTmGMYLPkkoEkxOo1Jo9Qjcpl2M8ID/SfOLbXXoLIzgBthByhkJsP+1
    YabugB1TAkEA3oGX9zN7YNAKMa2kFeKu4r0LiD8WjcqsaGHsAtMvMLzYWdCumLjy
    pWJT3Zmq6TiFqUL7vc1LRZXaJ1t24HaXMQJAM6hxeu6j5CJYMGFP6cMfDSygJAVM
    fnjrEZVUDpgT0EHVVXQiNLJgAYwLuL/NNoTWxwkjGWEw0oo6afzmBF1SuwJAM9Af
    sAvH9jJbvVe+9u2zZc85yT9PpDMG1MPArqO4wHOpObjzf1LKBiMQfnDTML3duh2D
    +527oneTtkiBNSHIcQJBAI0u/+G/KlAYf7jT35bG1yqkNo7H7dTLkpqGNgi3ghBJ
    n8miOR9TSBp0X2PKZB+mHBnybozrwvGUKZErvEvxvvI=
    -----END RSA PRIVATE KEY-----
    
    [root@ve10:Active] config  b rule myrule list
    rule myrule {
       when HTTP_REQUEST {
       if {[HTTP::uri] eq "/"} {
          HTTP::redirect "https://testcare.example.com/analytics/saw.dll?bieehome&startPage=1"
       }
    }
    }