Forum Discussion

Zuke_254875

Altostratus

Aug 29, 2018

SSL handshake failure during SSO

Both our production and non-production service desk applications use SSO.

User connects to application VIP, which redirects users to the SSO VIP on 443.

The F5 configuration for these two environments are identical:

SSL bridging with default Client SSL profile as parent. No customizations except for the certificate/key/bundle.

However in the non-prod environment, the SSL handshake cannot complete. tcpdump shows a fatal error, certificate unknown, even though this is the same cert/key on the SSO server.

When I browse directly to the SSO VIP, the application works as expected.

Currently the work-around is to have the non-prod ITSD application server bypass the F5 and go directly to the SSO app server rather than the F5.

Fernando_C
Nimbostratus
Feb 13, 2020
Please check the next url in order to check if the chain is well formed: https://whatsmychaincert.com/

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SSL handshake failure during SSO

Recent Discussions

Should config via cli rather than gui?

Background Tasks

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Related Content

BIG-IP Proxy SSL 12.1 Handshake Failure

TCP Internals: 3-way Handshake and Sequence Numbers Explained

SSL handshake failure using serverssl (F5 and Citrix Netscaler)

Monitoring Failure OAuth request

BIG IQ backup failures

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS