For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

gkorah_32913's avatar
gkorah_32913
Icon for Nimbostratus rankNimbostratus
Oct 27, 2009

SSL Cert Error with Mainframe

I have SSL offloaded from couple of my internal web servers to the F5-LTM. I was able to test it by connecting externally & opening a https to the virtual server & everything seems to work well. ...
config
design
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Oct 28, 2009
The main difference between any two SSL clients is which root certificates they have in their certificate stores. As I suggested above, if the mainframe client was working when going direct to the web servers, it's probably an issue with the intermediate SSL certificate(s) LTM is configured to send to the client in the client SSL profile. You should be able to export the SSL certificates in the chain from a working browser or the web server, convert them to PEM format and append them to the intermediate CA certificate bundle on LTM and then configure that intermediate CA bundle on the client SSL profile you're using on your VIP. If you need help doing this, you could open a case with F5 Support.

 

 

Aaron