Page not available after replacing SSL certificate
I've recently updated an SSL certificate. I've done this many times in the past and not had any issues, but I'm seeing some odd behaviour now.
We had 4096-bit SSL certs on our LTMs running 10.2.2; however, some clients had issues with the size of the key. These were replaced with 2048-bit certs.
I added the new certificate and key to the SSL profile but now I can't view the site. I've run tcpdump and can see SSL communication between the VIP and my PC, but the page hangs and doesn't show any pages.
I've added the same certificate onto the web server directly and I can get to the page fine.
Interestingly, I have tried putting the old certificate back and I now get the same error.
Any help would be greatly appreciated.
Thanks
- nitass
Employee
it might not relate; anyway, have you clicked "update" button in clientssl profile after updating certificate?
- Lee_Sutcliffe
Nacreous
Yep, I've clicked update, sync'd the config and failed back and forth the active and standby LTMs
- nitass
Employee
have you cleared browser cache? or can you try another browser?
- Lee_Sutcliffe
Nacreous
I've tried various browsers.
- nitass
Employee
can you post your configuration i.e. virtual server, pool?
- Lee_Sutcliffe
Nacreous
virtual CT-www.xxx.co.uk-https-vip {
   pool CT_www.xxx-pool
   fallback persist www.xxx_source_addr
   destination 10.128.0.3:any
   ip protocol tcp
   rules {
      ct_xxx_rule
      soapfault_rule
      ccred_headerclean_rule
   }
   persist www.xxx.co.uk_cookie
   profiles {
      SOAPfault_profile {}
      xxx-wildcard-ssl-profile {
         clientside
      }
      http {}
      oneconnect {}
      tcp {}
   }
   vlans web_LTM_external enable
}
pool CT_www.xxx.co.uk-pool {
   lb method member predictive
   monitor all cc_http_81_mon
   members {
      10.x.x.21:hosts2-ns {}
      10.x.x.22:hosts2-ns {}
   }
}
- Lee_Sutcliffe
Nacreous
It looks to be specific to the SSL client profile.
- Lee_Sutcliffe
Nacreous
Ok, I've run ssldump and I'm seeing a lot of
Unknown SSL content type 72
28 2 0.0020 (0.0008) S>CShort record
28 0.0020 (0.0000) S>C TCP FIN
28 3 0.0031 (0.0010) C>S Alert
    level fatal
    value protocol_version
28 0.0038 (0.0006) C>S TCP RST
- nitass
Employee
28 0.0038 (0.0006) C>S TCP RST
who is client (C)? is it client or bigip?
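
The "Unknown SSL content type 72" line in the ssldump output above can be decoded further: assuming ssldump prints that value in decimal, 72 is ASCII "H", the first byte of a plaintext "HTTP/..." response line rather than of a TLS record header. The Python sketch below is an added example, not part of the thread; it classifies the first bytes seen on a TLS port, and the function name and sample bytes are constructed for illustration.

```python
import struct

# TLS record content types (RFC 5246, RFC 6520).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake",
                 23: "application_data", 24: "heartbeat"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 40: "handshake_failure",
                      70: "protocol_version"}  # subset, enough for this demo
# Plaintext HTTP openings that a TLS decoder would misread as a record header.
HTTP_PREFIXES = (b"HTTP/", b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ")

# Constructed sample bytes (not from the poster's capture).
SAMPLE_PLAINTEXT = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"
SAMPLE_ALERT = bytes([21, 3, 1, 0, 2, 2, 70])   # fatal protocol_version alert
SAMPLE_SHORT = bytes([22, 3])                   # header cut off after 2 bytes


def classify(data: bytes) -> dict:
    """Classify the first bytes sent in one direction on a TLS port."""
    if not data:
        return {"kind": "empty"}
    ctype = data[0]
    if data.startswith(HTTP_PREFIXES):
        line = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
        return {"kind": "plaintext_http", "content_type": ctype, "first_line": line}
    if ctype not in CONTENT_TYPES:
        return {"kind": "unknown", "content_type": ctype}
    if len(data) < 5:  # a TLS record header is 5 bytes
        return {"kind": "short_record", "content_type": ctype}
    # Skip the content type byte, then read version (major, minor) and length.
    major, minor, length = struct.unpack("!xBBH", data[:5])
    if major != 3:
        return {"kind": "unknown", "content_type": ctype}
    info = {"kind": "tls", "type": CONTENT_TYPES[ctype],
            "version": (major, minor), "truncated": len(data) - 5 < length}
    if ctype == 21 and length == 2 and not info["truncated"]:
        # An unencrypted alert body is two bytes: level, description.
        info["alert"] = (ALERT_LEVELS.get(data[5], data[5]),
                         ALERT_DESCRIPTIONS.get(data[6], data[6]))
    return info


if __name__ == "__main__":
    for sample in (SAMPLE_PLAINTEXT, SAMPLE_ALERT, SAMPLE_SHORT):
        print(classify(sample))
```

Feeding it the first payload bytes of each direction from a capture shows whether a side is speaking TLS at all before any certificate or cipher question comes into play.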