For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Francisconero's avatar
Francisconero
Icon for Nimbostratus rankNimbostratus
Nov 03, 2022

testing ssl certificate

I have couple of VIPs on LTM internet facing for set of external clients. I am always renewing their certidficates. I want to be able to test their cert are valid after renewing by running a basic connectivity test  to the the clients VIPs.  I had a look at using the CURL command on a linix box.  Is there an alternative way of dong this?

application delivery

2 Replies

  • Mohamed_Ahmed_Kansoh's avatar
    Mohamed_Ahmed_Kansoh
    Icon for MVP rankMVP
    Nov 03, 2022

    Hi Francisconero , 
          I understand that you need to verify your new Cert which applied to a Virtual server related to some of your client. 
    >  you can do this test by issuing your full url " https://host_name/path" , your web browser should not display any errors also you can verify your certificate from the Lock TAB which beside the search bar , if you use Mozilla FireFox Browser ( you will choose the Lock item >> Connection secure >> More information )  ,  you  see all information regarding your new certificate such as " expiration date , CA Name and more..." 

    > I believe that this Virtual server is only related to your Clients , but I think you are able to reach their virtual server internally " Through VPN or Corp Network " if both of your vips are published behind a perimeter firewall or you can access it directly if both of virtual servers facing internet without  a firwall a head of it , after that modify your hosts file in your PC by using any text editor APP and add ( your host name = virtual server IP ) which you want to test and seve your changes and exit. 

    > hence , when issuing " https://host_Name " it will directly mapped to your Virtual IP address through Bigip. 
    > you should access this web Page successfully without errors. 

    > if you do not want to modify in your hosts file , you can access your Virtual server directly by IP address

    " https://x.x.x.x " but will recieve an ssl error in your web browser but you can read all needed info about new certificate from "   Lock item >> Connection secure >> More information " 

    > Remember your Certificate is tied with your  Domain name. 
    Do all of the above procedures after applying your new ssl certificate to targeted client ssl profile and test. 

    > Check these  KBs as well it will be helpful : 

    https://support.f5.com/csp/article/K20381201  
    and this 
    https://support.f5.com/csp/article/K13349 

    GoodLuck !