Forum Discussion
NimbostratusLTM VIP FQDN Node CURL issue
Nimbostratuscurl is successful because it ignore incorrect cert but browser connectivity is failing when server side cert check is enable and working when serverside cert check is disabled.....dont have multiple client ssl profile one profile only... somehow when i do curl to vip request lands on correct host but then doesnt get redirected to correct resource and cert presented is wrong ... but when i do same curl to pool member which is fqdn then i see ssl completing when accessed via browser and correct cert is presented too
- Simon_Blakely
Employee
I am struggling to understand the problem.
If curl -k to the vip works but the browser fails the TLS/SSL negotiation on the client-side after the ServerHello, then the issue is probably with the client-ssl profile and the Intermediate certificate chain between the certificate and the Root certificate.
Can you provide the output of
curl -vk https://<vip fqdn>/ --resolve <vip fqdn>:443:<vip IP address>which shows the certificate and the intermediate certificates?
- any
Thanks and sure i will provide details
problem is browser is relevant or depandant on client ssl profile which is working fine as correct cert is presented...curl is intiated from ltm itself to and to vip and fqdn pool member of vip...the url from browser is nlt working so when i did ran tcpdump and analyzed in wireshark reset was being sent by ltm to client because ssl handshake was failing after server hello done....only thing different was cert presented by server was different to the one we had in trust store of server ssl profile..server ssl profille had vendor c cert and cert presented was different
