Forum Discussion
Omer_Iqbal_6912
Nimbostratus
Mar 01, 2011Emulator for powershell?
Hi!
I am new to F5 and want to try out scripting F5 via PowerShell. I want to be safe and therefore was wondering if there is a software emulator that I could play around with before actua...
Ah nice, might be the new ID causing me not to get any hits in my search.
...can always upgrade our test environment but production is 1-2 months away easily.
Trying to read up some on tables at the moment but my skills isn't really within coding, but I do enjoy it :)
Thanks
Robert
- Since the response url does not contain the wild card string *.abcd.local, certificate error appears. How can we get around this at the F5 level using iRules, so that SSL offloading is enforced.where is https://originalsite.defg.local/loginpage? is it in http location header?
- Kevin_StewartJul 31, 2013
Employee
First things first, redirect-rewrite is an option that rewrites "http://" to "https://" on 30x redirect responses from the server. This is useful when the application 1) doesn't know it's being accessed via SSL on the client side of a proxy, and 2) it issues absolute (vs. relative) paths in redirects. It does not touch payload URL references. - Febin_130295Jul 31, 2013
Nimbostratus
Hi - Kevin_StewartJul 31, 2013
Employee
The certificate error doesn't have anything to do with server response, at least not from a layer 7 (HTTP) perspective. When a client initiates an SSL session with a server, the server's immediate response (during the SSL negotiation and BEFORE any HTTP traffic) is a SERVERHELLO message. This is when it presents its certificate to the client. If that certificate 1) contains a subject name that is DIFFERENT than the name the client asked for, or 2) the client cannot establish a trust relationship based on its own explicit trust store, the user will see the certificate error message. So, if you have a clientssl profile assigned to the VIP, and that profile is using a certificate that has a subject of "irec.fgbapps.local", the client is asking for "https://irec.fgbapps.local", and the client can trust the issuer of that certificate, then another likely cause of the certificate error is some communication from the server that is redirecting the client to another host name. The best way to assess this is to capture the client (browser) side interaction with something like Fiddler.