Forum Discussion
Phil_102636
Nimbostratus
Nimbostratussimple https monitor fails on node using ssl cert
OS: 10.2.3
LTM
Re: simple https monitor fails when IIS node uses SSL Cert. Did a tcpdump and just see resets when using the https monitor. Checked node and port 443 is open. Not really sure why we have this issue unless it has something to do with cipher. We rarely have seen this so am posting to see if someone else has some input.
Thanks
5 Replies
- nitass
Employee
who sent reset? when was reset sent? can you post ssldump output?
ssldump -Aed -nni 0.0 host x.x.x.x and host y.y.y.y and port 443
x.x.x.x is non-floating self ip
y.y.y.y is iis server ip 
What_Lies_Bene1Cirrostratus
It might also be worth trying to connect directly to the node with a client and confirming the SSL certificate is presented.
Phil_102636New TCP connection 1: 10.115.2.1(46215) <-> 10.115.2.252(443)
1 1 1349275180.3509 (0.0020) C>S SSLv2 compatible client hello
Version 3.1
cipher suites
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Unknown value 0xff
1 1349275180.3515 (0.0006) S>C TCP RSTHere is the output.
- nitasshave you tried ALL cipher list in https monitor?
does the iis server accept SHA? 
pmaubo2_55685It turned out they gave us a corrupted SSL CERT so once it was redone, all was well and life was good.
