Forum Discussion
Issue with application on custom port
Have you googled what the errors mean for curl, not F5? There is a lot of info on the internet; maybe the API client system does not have the CA cert that F5 uses, or the intermediate cert is not attached to the F5 SSL profile:
https://kb.vmware.com/s/article/78471
F5 CA chain:
https://support.f5.com/csp/article/K41280190
https://support.f5.com/csp/article/K13302
Thank you for the details, Nikoolayy. The certificate is available at the API client end, and we also have the required certificates under the SSL profile attached to the VIP.
The application works fine once we direct the traffic directly to the server. The issue comes when the WAF is in the picture and once OTP requests are made.
Thank you once again for your input.
- Nikoolayy1, May 10, 2022
MVP
If you have other F5 modules like WAF or APM for OTP, in some rare cases they can cause issues, as the F5 APM and ASM can be controlled with layered virtual servers for how they work with each other and which module comes first, and the F5 ASM needs to be bypassed for F5 APM remote VPN to work, if you are using this. Also check the SSL handshake logs on the F5 device and, if needed, enable SSL handshake debug (it should be enabled by default on 13.1 and newer), as F5 in many cases can better tell you why the handshake fails, such as maybe SSL client certificate authentication failure etc., and if features like ask proxy, etc. are enabled on the client SSL profile. Just for info, you are not using machine certificate authentication to the F5 APM on the REST API clients, right? I saw something about that.
- sumitpundir, May 20, 2022
Nimbostratus
Nikoolayy1, I shall check on handshake debug once we onboard the application again. Thanks.
- sumitpundir, May 20, 2022
Nimbostratus
Also, we are not using machine certificate authentication.