Forum Discussion
Shawn_85639
Nimbostratus
Apr 14, 2010
Internet Explorer cannot display the webpage
I am trying to set up a simple Virtual Server using SSL between the client and the F5. When I set the service port on the Virtual Server to 443 and set the SSL profile (Client) to use our cert we get an "Internet Explorer cannot display the webpage" error. But if we refresh the page everything works as expected. Restart IE or Firefox and we get the error once again. What's going on here?
8 Replies
- Cspillane_18296
Nimbostratus
Hello Shawn,
I've not come across this issue myself before but I would be tempted to run an ssl dump to see what's happening, details can be found here:
https://support.f5.com/kb/en-us/solutions/public/10000/200/sol10209.html
Presumably the issue only occurs using your own certificate, and the default cert doesn't exhibit the same behaviour?
- Shawn_85639
Nimbostratus
With more testing the issue occurs when I specify port 443 on the virtual server and not when I use a cert.
- Cspillane_18296
Nimbostratus
If the ssldump doesn't help, are you able to post up the VS configuration here please? Are there any iRules that might be impacting the connection?
- Shawn_85639
Nimbostratus
ssldump didn't help much. Communications are all successful. There are no iRules applied to this virtual server. The VS is default. Host with a 10.1.201.102 address, service port set to 443, config set to standard, no SSL profile. SNAT pool set to auto map. Resources set to a pool with one server set to answer on :7150. I have also set up a tinyweb server and replicated the VS settings and I do not get the error message. It points to a server issue but the communication works fine when I change the VS on the F5 to communicate on any other port.
- Cspillane_18296
Nimbostratus
Hello Shawn,
I'd definitely expect a client SSL profile to be used (and a server SSL profile unless terminating the SSL connection on the BigIP).
Just out of interest, do you also get the issue if the VS listens on a different IP address (still using port 443)?
- naladar_65658
Altostratus
Like Cspillane mentioned above, the most common setup I have used in this type of situation is:
Server: 10.1.201.102
Service Port: 443
Protocol: TCP
Protocol Profile Client: tcp
HTTP Profile: http
SSL Profile (Client): Here is where I would use the SSL Certificate made for the website/URL
SSL Profile (Server): serverssl
SNAT Pool: Auto Map
If you are using an IIS server in this type of setup, you would also need to export the SSL Cert and key off of the F5 BIG-IP, convert it to .pfx format using "OpenSSL" or something similar. Then import that into your IIS website under the Directory Security tab, Secure Communications Section. Just click on the "Server Certificate..." button and import the .pfx formatted certificate. If you have any issues with formatting to .pfx let me know and I can provide more instructions.
What kind of web server are you running and are you running multiple sites off of it?
Also, for future reference, this question might be better suited for the advanced design and configuration forum since you are not having issues with an iRule really.
- Chris_56952
Nimbostratus
If using Internet Information Server and it is not listening on a standard port, you could be seeing IIS issuing a courtesy redirect and responding with the port number that IIS is listening on, which causes the failure.
Are you using redirect rewrites within your HTTP profile?
Also, I'm interested in what firefox responds with because it provides better error messages (usually).
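One way to test the courtesy-redirect theory from the last reply, as an added example that is not part of the thread: parse a captured response and report when its `Location` header sends the client away from the scheme, host or port it connected to. The sample response is constructed from the address and pool port mentioned above, and the function names are hypothetical.

```python
from urllib.parse import urlsplit, urljoin

DEFAULT_PORTS = {"http": 80, "https": 443}
REDIRECTS = (301, 302, 303, 307, 308)

def parse_response(raw: bytes):
    """Return (status, headers) from the head of a raw HTTP response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def origin(url: str):
    """Return (scheme, host, effective port) for a URL."""
    parts = urlsplit(url)
    return parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme)

def check_redirect(request_url: str, raw_response: bytes):
    """List the ways a redirect leaves the origin the client connected to."""
    status, headers = parse_response(raw_response)
    location = headers.get("location")
    if status not in REDIRECTS or not location:
        return []
    # urljoin resolves relative Location values against the request URL
    want, got = origin(request_url), origin(urljoin(request_url, location))
    findings = []
    for label, before, after in zip(("scheme", "host", "port"), want, got):
        if before != after:
            findings.append(f"{label} changes {before} -> {after}")
    return findings

# Constructed sample: the pool member answers on :7150 and puts that
# port into an absolute redirect, as the reply above suspects.
SAMPLE = (b"HTTP/1.1 302 Found\r\n"
          b"Location: http://10.1.201.102:7150/app/\r\n"
          b"Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    # Assumed client-facing URL on the virtual server
    for finding in check_redirect("https://10.1.201.102/app", SAMPLE):
        print(finding)
```

A non-empty result means the client is being told to reconnect somewhere the virtual server is not listening, which is the case redirect rewriting in the HTTP profile is meant to handle.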
