Forum Discussion
NimbostratusVIP with Client side Cert and Server side Cert
hi
i am pretty new to Dev central, not sure if this question belongs here.
as mentioned in summary field "Having issues with F5 VIP and Server side Self signed cert on Apache Tomcat/7.0.37"
in the past i have configured a VIP with client side(verisign) and server side(Self Signed) SSL Certificate for an IIS Webserver to capture x-forwarded for messages which works like a charm
but recently got into a situation where i cannot get the VIP working with Client Side and Server Side SSL Certificate with Tomcat.
my server team guy created a self signed certificate and installed it on TCP port 10000 on Apache Tomcat/7.0.37 and on the VIP Configuration used "serverssl" and "serverssl-insecure-compatible" both dropdowns but page does not load.
on the Client side SSL, i have a Verisign certificate.
if i go to the page directly on my browser https://10.*.*.*:10000 it works fine, and can see the certificate on my browser that is exactly the same cert that has been installed on the server.
please let me know if anyone can help me in this case.
can explain in detail if my wording is not good.
thanks.
2 Replies
- nitass
Employee
have you tried ssldump to see what was going on?
sol10209: Overview of packet tracing with the ssldump utility
http://support.f5.com/kb/en-us/solutions/public/10000/200/sol10209.html 
NlbGeek_5198i get the following message on F5 talking to server
2 2 0.0030 (0.0019) S>C Alert
level fatal
value handshake_failure
not sure what it means
