SSL Offload for Adobe Connect

In the absence of stunnel does the app listen on an SSL (encrypted) port? If so you need a server SSL profile applied to the BIG-IP virtual server. Otherwise, take a look at the connection between the client and BIG-IP and the BIG-IP and server. Does anything ever reach the server? If not your problem is likely on the client side (LTM and/or client SSL configuration). If you see packets to the server but it's failing then the problem is likely on the server side (pool, SNAT, server SSL profile, etc.). If you still suspect it's an SSL issue, you can watch the SSL negotiation from the shell using SSLDUMP. Here's a pretty common command line for this:

 

 

ssldump -k -AnNd -i 0.0 port 443

 

 

Where:

 

-k is the physical path to the private key used in the client SSL profile

 

-AnNd is a bunch of options that tell SSLDUMP to decrypt the data and not try to resolve ports to names

 

-i 0.0 is the listening interface. 0.0 is ALL interfaces

 

port 443 is the filter. SSLDUMP requires a filter.

 

 

If you can run that on whichever side of the connection you've determined is the problem and report back the results we may be able to help interpret.