For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

swo0sh_gt_13163's avatar
swo0sh_gt_13163
Icon for Altostratus rankAltostratus
Jul 15, 2015

SSL Certificate weird issue. (Certificate in the browser shows as "Issued by * and Issued to *")

Hello Folks,   I am facing a weird issue with of the customer. Following is the quick background.   CSR Generated from F5 for SAN Certification (for eg. *.test.com) CA provided the Cert. Ins...
certificate
swo0sh_gt_13163's avatar
swo0sh_gt_13163
Icon for Altostratus rankAltostratus
Jul 16, 2015
  1. Well there is no technical reason for this. They already had one Client-SSL Profile applied on VS1, just to keep the objects separate we have created a separate Client-SSL Profile for VS2, in case if we need to implement any VS specific changes in future, it won't affect VS1.
  2. I am yet to take TCPDUMP, will share my findings on this.

My concern is, why it shows correct Cert while accessing the VIP, and not showing the same while accessing using FQDN? I cleared the statistics while using FQDN, and found that traffic is hitting correct VS.

 

That left me wondering about the observed behavior.

 

  • Ronald_van_der3's avatar
    Ronald_van_der3
    Icon for Nimbostratus rankNimbostratus
    Jul 16, 2015
    Could you share us the virtual server and ssl profile configuration for the 'non working' VS?
  • swo0sh_gt_13163's avatar
    swo0sh_gt_13163
    Icon for Altostratus rankAltostratus
    Jul 17, 2015
    I will share the the client-ssl and VS properties of non-working VS as and when I get next remote session with client. Also if I use the same working client-ssl Profile (which is applied to VS1) isn't changing the behavior. What I fail to understand is, how it is fetching the correct certificate, if I directly access VIP rather than FQDN. Allow me sometime to share the require information. Thanks Ronald.