Forum Discussion
using client & server ssl profiles on a VIP
Testing this solution with Google may actually present a few anomalies. For example, depending on the browser you're using, Google generally employs certificate pinning (Chrome especially, but I believe Firefox now pins Google URLs). Essentially, the browser comes hard-codes with a list of issuer certificates. If you attempt to navigate to Google through a proxy that sends you a different certificate, the browser will deny that request. Google also employs HTTP Strict Transport Security (HSTS), which a) forces the browser to use SSL for the specified domain (and potentially all subdomains), and b) forces the browser to fail if the certificate can't be trusted. You're sending a self-signed certificate to the client, so I'm guessing at least HSTS is an issue here, if not both HSTS and pinning.
If you try this with other (non Google) URLs and it still fails, then I'd probably look more closely at TCP and SSL attributes on the server side of the proxy.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com