Forum Discussion
NimbostratusSSL Pass Through for Exchange2010
Hi Everyone,
I hope to get some input from the experts here... we have an Exchange 2010 environment where we need to have SSL connection all the way to the backend servers. I have LTM+ASM environment so in order to inspect the traffic I need to enable the http profile and add the client and server side certificate to decrypt and re-encrypt the traffic. But after doing that I am getting a continuous certificate warning which should not happen. But if I don't intercept the connection and remove the http profile from the Virtual Server and let the connection go to the backend server it works fine. What could be the reason that such problem is happening. I tried creating the VS using iAPP as well as manually but it works only without http profile. Looking for some support here.
Regards,
3 Replies
Hi Techgeeg, which version of the iApp and BIG-IP are you using? Do you have client and server SSL profiles assigned in both working and non-working cases? Does the cert used by the client SSL profile match the one configured on CAS?
TechgeeegHi Mike,
I am using TMOS 11.6.0 with HF-4 and the iAPP 1.0.0.280. Yes I have the client and server SSL profiles assigned in both cases and it doesnt work. The cert on CAST is the same as the Client SSL profile.
Regards,
When you have the http profile attached without ASM enabled, do you still get the error?
ASM is not part of our Exchange deployment guidance because we don't have updated security profiles for any of the protocols, not to mention Outlook Anywhere which is incompatible with ASM. So I'd like to rule out that ASM is causing any unexpected behavior here.
Can you post the tmsh output of your http profile configuration here?
