For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Zuke_254875's avatar
Zuke_254875
Icon for Altostratus rankAltostratus
Aug 29, 2018

SSL handshake failure during SSO

Both our production and non-production service desk applications use SSO.   User connects to application VIP, which redirects users to the SSO VIP on 443.   The F5 configuration for these two ...
application delivery
BIG-IP
certificate
LTM
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Aug 29, 2018

Okay, so to be clear, "SSL Bridging" generally defines where the F5 both decrypts and re-encrypts the traffic to the server, which requires both client and server SSL profiles. If I can assume that there is NO client certificate auth going on, on either side, then the "certificate unknown" error is going to come from the client after consuming the server's certificate.

 

Browsers aren't usually that strict about bad server certificates. Worst case you'll get a certificate warning and click-to-continue.

 

So then I'd ask,

 

  • Does the app server require HTTPS?
  • Do you have a server SSL profile also applied?
  • And if yes to the above, which server SSL profile are you using?