Forum Discussion

Nimbostratus

Jul 28, 2009

ssl logs

hi everyone we've been using ssl termination for years without any problems, but recently i've implemented client certificate authentication for the first time. it seems to be working w...

management

monitoring

hoolio

Cirrostratus

Jul 28, 2009

I don't think you'll see any connection failure logs. Your best bet for troubleshooting would probably be to capture a tcpdump of the client connection failure and then use ssldump on LTM to decode it. You'll need to start the tcpdump before the TCP connection from the client to VIP is established so you get the initial SSL handshake in the trace. You can then use ssldump to decode it:

https://support.f5.com/kb/en-us/solutions/public/7000/800/sol7823.html

tcpdump -i 0.0 -s0 -w/var/tmp/client_cert.dmp host CLIENT_IP

ssldump -AdneN -r/var/tmp/client_cert.dmp -k/config/httpd/conf/ssl.key/server.key >/var/tmp/client_cert.txt

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ssl logs

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Change severity for sod log messages

Rewrite content in XML schema file.

F5 APM Check Domain Membership

Question regarding F5 Viprion Configuration Migration to VE.

URL Redirect ? URL ReWrite ?

Related Content

SSL Orchestrator Enhanced Uses Case: Remote Logging

SSL Orchestrator Service Extensions: User Coaching

Logging DNS Requests

CEF logs F5

ASM LOGS

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS