ssl service working on safari but not with chrome or firefox
I've been setting up a POC with the LTM v10.1 VM trial and I'm running into a weird issue I'm hoping someone can assist with.
I've set up a simple https service, whereby the user browses to https://172.18.8.101, the f5 terminates the ssl connection, then starts up a new https connection to the back-end service.
Because of the ssl issues in the v10.1 VM trial, I've had to work around the issues with having a client-side and server-side ssl config on the same VS, so that may indeed be part of my issues. I have a test 3600, so that will be my next step, but I don't have access to that at the moment.
It would really be nice to get the VM-trial updated! I've had many F5 FSEs say this is going to happen, but nothing yet... a year later at least.
The backend server is a Bradfordnetworks NAC solution, purely just to provide a nice interface for management, presenting a real ssl cert to the user, while keeping a self-signed on the Bradford server.
My issue is Safari works (albeit slowly to connect --timeouts?), Firefox accepts the cert and then just waits and waits, while Chrome just says no after a short timeout. All my testing is on my MacBook, where the VM is hosted under VM Fusion v4.1.3.
Any ideas will help!
Thanks,
Glen.
bigip.conf:
---
datastor {
    low water mark 80
    high water mark 92
}
deduplication {}
shell write partition Common
route default inet {
    gateway 172.18.8.2
}
profile clientssl testf5-cli {
    defaults from clientssl
    key "test-selfsigned.key"
    cert "test-selfsigned.crt"
}
profile serverssl testf5 {
    defaults from serverssl
    handshake timeout 60
    alert timeout 60
    cache timeout 3600
}
profile serverssl testf5-svr {
    defaults from serverssl
    key "default.key"
    cert "default.crt"
    peer cert mode ignore
}
node 8.8.8.8 {}
node 10.85.201.83 {}
pool testf5 {
    monitor all https
    members 10.85.201.83:pcsync-https {}
}
rule broken-trial-ssl {
    when CLIENT_ACCEPTED {
        virtual testf5
    }
}
rule rewrite {
    when HTTP_REQUEST {
        if { [string tolower [HTTP::uri]] starts_with "/abc" } {
            HTTP::uri [string map -nocase {"/abc" "/123/bac"} [HTTP::uri]]
        }
    }
}
virtual testf5 {
    snat automap
    pool testf5
    destination 172.18.8.101:https
    ip protocol tcp
    profiles {
        tcp {}
        testf5-svr {
            serverside
        }
    }
    vlans none enable
}
virtual testf5_cli {
    snat automap
    destination 172.18.8.101:https
    ip protocol tcp
    rules broken-trial-ssl
    profiles {
        http {}
        tcp {}
        testf5-cli {
            clientside
        }
    }
}