Forum Discussion
SSL issue "Server throwing SSL exceptions"
- Jun 21, 2019
Perfect!
Please, don't forget to score my answer (or marking as "the best") if it was helpful for you ;-)
Hello.
When you have a configuration like this in your virtual server
Client SSL profile: yes
Server SSL profile: none
You are already sending traffic offloaded to the backend server.
KR,
Dario.
- T_RajneeshJun 20, 2019NimbostratusHi Dario, We have VIP with both Client & Server SSL offloading but here we have an I rule attached to this VIP, stating to send the request to other pool not associated to this VIP whose node/ server listening in port 3737 example VIP Test..443 Pool abc. Server 1 -443 Server 2-443 But irule attached in this VIP to sent traffic to Pool xyx Server 3-3737
- Jun 20, 2019
You can have a VS with both SSL profiles (client & server) and desactivate one of them using an iRule (or even better a policy).
One example:
>> VS
ltm virtual VS-TEST_443 { destination 10.1.1.1:https ip-protocol tcp mask 255.255.255.255 pool P-ABC_443 profiles { clientssl { context clientside } http { } serverssl { context serverside } tcp { } } source 0.0.0.0/0 source-address-translation { type automap } translate-address enabled translate-port enabled }
>> RULE
when HTTP_REQUEST { if { [HTTP::host] equals "url.com"}{ SSL::disable serverside pool P-XYZ_3737 } }
IMPORTANT: the communication to the backend P-XYZ_3737 should have to be using HTTP (not HTTPS), to avoid errors.
KR,
Dario.
- T_RajneeshJun 21, 2019Nimbostratus
Hi Dario,
Thanks for you reply. I will apply it and update you status.
Regards,
Rajneesh
- Jun 21, 2019
Perfect!
Please, don't forget to score my answer (or marking as "the best") if it was helpful for you ;-)
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com