Forum Discussion

Zuke_254875

Altostratus

Aug 29, 2018

SSL handshake failure during SSO

Both our production and non-production service desk applications use SSO.

User connects to application VIP, which redirects users to the SSO VIP on 443.

The F5 configuration for these two environments are identical:

SSL bridging with default Client SSL profile as parent. No customizations except for the certificate/key/bundle.

However in the non-prod environment, the SSL handshake cannot complete. tcpdump shows a fatal error, certificate unknown, even though this is the same cert/key on the SSO server.

When I browse directly to the SSO VIP, the application works as expected.

Currently the work-around is to have the non-prod ITSD application server bypass the F5 and go directly to the SSO app server rather than the F5.

Fernando_C
Nimbostratus
Feb 13, 2020
Please check the next url in order to check if the chain is well formed: https://whatsmychaincert.com/

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SSL handshake failure during SSO

Recent Discussions

VIP needed for many UDP ports

Creating Policy using Terraform

Unable to get Internet in server using SWG forward Proxy.

ASM don't block attack XSS

AWAF ADD-ON MODULE

Related Content

BIG-IP Proxy SSL 12.1 Handshake Failure

BIG IQ backup failures

TCP Internals: 3-way Handshake and Sequence Numbers Explained

SSL handshake failure using serverssl (F5 and Citrix Netscaler)

SSL Profiles Part 1: Handshakes

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS