Forum Discussion

Nimbostratus

Sep 29, 2015

IBM AIX SSL Certificate Offloading

I have tried to load-balanced two AIX Nodes running a secure website with no success. We have the SSL Certificate from the nodes and we have created a Client and Server Profile for the implementation...

Kevin_Stewart

Employee

Sep 29, 2015

The client SSL profile is going to address the user to BIG-IP SSL session. The server SSL profile is going to address the BIG-IP to server SSL session. So then the question is, which of these is causing the issue? The best option for troubleshooting here would probably be to do a capture on both sides of the BIG-IP. A tool like ssldump will give you visibility into the SSL handshake:

ssldump -AdNn -i 0.0 port 443 [and any additional filters]

You can replace the 0.0 with the name of a specific VLAN to further isolate the traffic, or add a filter that only looks at specific addresses. In most cases though, if there's an issue with an SSL handshake, it'll become apparent in one of these captures.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)