Forum Discussion
Setting up internal and external SSL for server that MUST see internal SSL for APP to work
I have setup a VIP that has an SSL redirect on the outside of the F5, and then used a self signed SSL on the inside so the server will be accessed via port 443.. We are using version 11.2.1.
The problem is, when you hit the external VIP the browser sits and spins until you either stop it or put the cursor to the right of the address and hit enter again and the application will respond with no problems....
This has been tried on several systems from different locations and it is always the same response as described above....
any ideas?
- natheCirrocumulus
Jeff, does using the v switch with curl (for verbose) give any more? curl -kv https://mydomain.com
What about running SSLDUMP on the ltm, e.g. ssldump -Aed -nni 0.0 host x.x.x.x and port 443
Do either of these help you further? N
- Kevin_StewartEmployee
I would definitely do an SSLDUMP as nathan suggests. Because you have the server private key, as applied in the client SSL profile, you can use that in the SSLDUMP to see the encrypted data:
ssldump -k -AdNn -i 0.0 host x.x.x.x and port 443
- Jeff_Knights_44Nimbostratus
I think I found the problem....
When I initially built the VIPs on port 443 the directions I was using said to use a Default Persistance Profile of "SSL"
I switched the DPP to use our custom cookie we built for use on other HTTPS sites in our domain and it is now working the way it is supposed to.
Thanks for the Help guys, the curl is how I found it...
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com