Forum Discussion

Francisconero's avatar
Francisconero
Icon for Nimbostratus rankNimbostratus
Nov 03, 2022

testing ssl certificate

I have couple of VIPs on LTM internet facing for set of external clients. I am always renewing their certidficates. I want to be able to test their cert are valid after renewing by running a basic connectivity test  to the the clients VIPs.  I had a look at using the CURL command on a linix box.  Is there an alternative way of dong this?

  • Hi Francisconero , 
          I understand that you need to verify your new Cert which applied to a Virtual server related to some of your client. 
    >  you can do this test by issuing your full url " https://host_name/path" , your web browser should not display any errors also you can verify your certificate from the Lock TAB which beside the search bar , if you use Mozilla FireFox Browser ( you will choose the Lock item >> Connection secure >> More information )  ,  you  see all information regarding your new certificate such as " expiration date , CA Name and more..." 

    > I believe that this Virtual server is only related to your Clients , but I think you are able to reach their virtual server internally " Through VPN or Corp Network " if both of your vips are published behind a perimeter firewall or you can access it directly if both of virtual servers facing internet without  a firwall a head of it , after that modify your hosts file in your PC by using any text editor APP and add ( your host name = virtual server IP ) which you want to test and seve your changes and exit. 

    > hence , when issuing " https://host_Name " it will directly mapped to your Virtual IP address through Bigip. 
    > you should access this web Page successfully without errors. 

    > if you do not want to modify in your hosts file , you can access your Virtual server directly by IP address

    " https://x.x.x.x " but will recieve an ssl error in your web browser but you can read all needed info about new certificate from "   Lock item >> Connection secure >> More information " 

    > Remember your Certificate is tied with your  Domain name. 
    Do all of the above procedures after applying your new ssl certificate to targeted client ssl profile and test. 

    > Check these  KBs as well it will be helpful : 

    https://support.f5.com/csp/article/K20381201  
    and this 
    https://support.f5.com/csp/article/K13349 

    GoodLuck !