For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

any's avatar
any
Icon for Nimbostratus rankNimbostratus
Jan 27, 2020

LTM VIP FQDN Node CURL issue

Hi all   can someone please provide some guidance as i have two VIP's both working but one present incorrect cert when i do curl to VIP and correct cert when i do curl to pool member directly (with...
application delivery
BIG-IP
LTM
Simon_Blakely's avatar
Simon_Blakely
Icon for Employee rankEmployee
Jan 28, 2020

I am struggling to understand the problem.

If curl -k to the vip works but the browser fails the TLS/SSL negotiation on the client-side after the ServerHello, then the issue is probably with the client-ssl profile and the Intermediate certificate chain between the certificate and the Root certificate.

Can you provide the output of 

curl -vk https://<vip fqdn>/ --resolve <vip fqdn>:443:<vip IP address>

which shows the certificate and the intermediate certificates?

any's avatar
any
Icon for Nimbostratus rankNimbostratus
Jan 28, 2020

Thanks and sure i will provide details

problem is browser is relevant or depandant on client ssl profile which is working fine as correct cert is presented...curl is intiated from ltm itself to and to vip and fqdn pool member of vip...the url from browser is nlt working so when i did ran tcpdump and analyzed in wireshark reset was being sent by ltm to client because ssl handshake was failing after server hello done....only thing different was cert presented by server was different to the one we had in trust store of server ssl profile..server ssl profille had vendor c cert and cert presented was different