Forum Discussion
msp_64517
Nov 24, 2010Nimbostratus
SSL Termination - Broken Connection Safari and IE
I've searched through various topics but can't find a previous discussion/solution on this exact issue and was wondering if anyone has seen this before...Safari can’t open the page “https://www.domain_name/”. The error is: “unknown error” (kCFErrorDomainWinSock:10054)
I have an HTTPS VS that is using a new cert (signed/verified by Equifax). The https site loads perfectly in Chrome and Firefox but fails to load in both IE and Safari.
BigIP Sries/Version: 6400/9.0.1 <--- (I know, I am not allowed to upgrade, please don't laugh)
Browser Errors (on Windows 7):
-------------------
- IE (version 8.0.7600.16385): 'Internet Explorer cannot display the webpage'
- Safari (5.03):
I have many http (not https) sites running on this system without any problems. My one HTTPS VS setup is very basic and I'm not using iRules:
1. I imported/uploaded the signed SSL cert and key
2. Configured a Client SSL Profile:
- Certificate and Key: set to the cert and key I uploaded
- Ciphers: !SSLv2:ALL:!ADH:!EXPORT40:!EXP:!LOW:@SPEED
- Unclean shutdown: disabled
3. Configured an HTTPS VS which is setup in the following way:
- ServerPort: 443
- OneConnect Profile: None
- Protocol: tcp
- Client Protocol Profile: tcp
- Address Translation: enabled
- Port Translation: enabled
- SNAT Pool: none (site won't work if set to automap)
- ServerSSL Profile: none (site won't work if set to 'serverssl')
- ClientSSL Profile: domain_name
If I change the certificate/key for this HTTPS VS to a signed cert/key for a different domain, then I at least get the 'domain name mismatch' warning in Safari, but IE still displays "cannont display the webpage".
The first question in this existing topic describes a similar symptom: http://devcentral-sea.f5.com/Forums/tabid/1082223/asg/50/showtab/groupforums/aff/5/aft/1172095/afv/topic/Default.aspx
Also, the real servers are running Apache 2.2 on Centos 5 (SSL support in Apache is not installed/configured on the real servers).
If anyone has come across this before and can share any insight, it would be much appreciated.
Thanks
- nitassEmployeewould u mind posting b profile domain_name list all output here?
- msp_64517NimbostratusHere is the output of b profile:
- msp_64517NimbostratusTHIS IS RESOLVED.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects