Forum Discussion
CirrusiHealth Monitor for SSL certification on server
Hi Team,
We have VIP configured on F5 with performance(L4 ). All SSL certificates which are serve to applications are hosted in backend servers.(No SSL certificate hosted on F5 for this VIP). configured LB method is least connection(poolmember). iHealth configured is TCP with specific port (443)
Recently we had issue that . We were having an intermittent issue connecting applications (was global outage ). During troubleshooting they found that one backend server (out of 4 backend servers) was rebooted the old image which was having expired SSL certificate.
Now they are blaming to Network F5 LoadBalancer that it did not do properly load balance and why connections were sent to certificate expired back end server and did not monitor the applications properly
I understood even though it was not our end issue. still we were blamed as root cause of this issue.
I need your help to fix this issue.
1) Can we monitor the SSL certificate expire from LB which is external to world?
2) If yes.. how can we do it..?
3)Can we stop sending new connections to backed server on which SSL certificate expired..?
JGCumulonimbus
You can create an HTTPS monitor for your backend server and attach it to the server pool used by your virtual server. If the SSL certificate becomes invalid, the monitor will fail and take the server out of the server pool.