Forum Discussion

Mark_Cloutier's avatar
Mark_Cloutier
Icon for Nimbostratus rankNimbostratus
Oct 05, 2012

SSL change in version 11.2.1?

Last night I replaced a version 9.4.8 2400 with an HA pair of 3600s, ASM is licensed but not in use yet on the 3600s. I found this morning that a couple of the sites that I terminate SSL on the BIGi...
config
design
Mark_Cloutier's avatar
Mark_Cloutier
Icon for Nimbostratus rankNimbostratus
Oct 05, 2012

I figured it was something like that and I had gone to the ssl server profile to look at what options were available to me... Based on what I read in the help screen, I had changed Secure Renegotiation to Request as you suggested. Unfortunately that made no difference in the behavior... I checked with the openssl command you provided and sure enough, Secure Renegotiaion is not supported..... If there's not a setting in the ssl server profile to get it to ignore the expired certs, looks like we may go with a self signed cert across the board on our web serves and just import that into the BigiP. Does that make sense? Do you see other options, other than just maintaining the full certs on both the BigIP and the web server?