testing ssl certificate

Question

I have couple of VIPs on LTM internet facing for set of external clients. I am always renewing their certidficates. I want to be able to test their cert are valid after renewing by running a basic connectivity test&nbsp; to the the clients VIPs.&nbsp; I had a look at using the CURL command on a linix box.&nbsp; Is there an alternative way of dong this?

mohamed_ahmed_kansoh · Answer

Hi&nbsp;Francisconero&nbsp;,&nbsp;&nbsp; &nbsp; &nbsp; I understand that you need to verify your new Cert which applied to a Virtual server related to some of your client.&nbsp;&gt;&nbsp; you can do this test by issuing your full url " https://host_name/path"&nbsp;, your web browser should not display any errors also you can verify your certificate from the Lock TAB which beside the search bar , if you use Mozilla FireFox Browser ( you will choose the Lock item &gt;&gt; Connection secure &gt;&gt; More information )&nbsp; ,&nbsp; you&nbsp; see all information regarding your new certificate such as " expiration date , CA Name and more..."&nbsp;&gt; I believe that this Virtual server is only related to your Clients , but I think you are able to reach their virtual server internally " Through VPN or Corp Network " if both of your vips are published behind a perimeter firewall or you can access it directly if both of virtual servers facing internet without&nbsp; a firwall a head of it , after that modify your hosts file in your PC by using any text editor APP and add ( your host name = virtual server IP ) which you want to test and seve your changes and exit.&nbsp;&gt; hence , when issuing " https://host_Name&nbsp;" it will directly mapped to your Virtual IP address through Bigip.&nbsp;&gt; you should access this web Page successfully without errors.&nbsp;&gt; if you do not want to modify in your hosts file , you can access your Virtual server directly by IP address" https://x.x.x.x&nbsp;" but will recieve an ssl error in your web browser but you can read all needed info about new certificate from "&nbsp;&nbsp; Lock item &gt;&gt; Connection secure &gt;&gt; More information "&nbsp;&gt; Remember your Certificate is tied with your&nbsp; Domain name.&nbsp;Do all of the above procedures after applying your new ssl certificate to targeted client ssl profile and test.&nbsp;&gt; Check these&nbsp; KBs as well it will be helpful :&nbsp;https://support.f5.com/csp/article/K20381201&nbsp;&nbsp;and this&nbsp;https://support.f5.com/csp/article/K13349&nbsp;GoodLuck !&nbsp;

jrahm · Answer

This site is useful to test out TSL destinations:&nbsp;https://www.ssllabs.com/ssltest/
You could also use cryptonice at the command line:&nbsp;https://github.com/F5-Labs/cryptonice

Forum Discussion

testing ssl certificate

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

SSL Certificate Report

Security Sidebar: Improving Your SSL Labs Test Grade

Re: Management Certificate

Testing the security controls for a notional FDX Open Banking deployment

Certifications for security professionals

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS