Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Does using default clientssl profile disable SSL offload for the VIP?

Vishal_Sinha
Nimbostratus
Nimbostratus

‎26-Aug-2020 16:15

I have a VIP that is using client ssl profile with default (localhost) certificate. my pool members for this VIP have the Certificate for this URL.

I see the certificate when i access the VIP.

I believe that i should receive a certificate error if SSL offloading is enabled on F5 but i dont see the error.

Why is that?

Labels:
0 Kudos
4 REPLIES 4

Mayur_Sutare
MVP
MVP

‎27-Aug-2020 04:38

Can you check which certificate are you getting on the browser? when accessing VIP?

0 Kudos

Vishal_Sinha
Nimbostratus
Nimbostratus
In response to Mayur_Sutare

‎27-Aug-2020 07:39

i see a certificate that is installed on the pool member server. its a certificate issued by our Internal CA, and the VIP URL is included as SAN in that certificate.

0 Kudos

Mayur_Sutare
MVP
MVP

‎27-Aug-2020 08:21

If you have configured client SSL profile on the VS then client should get certificate present in the client SSL profile attached to the VS not the certificate present on the pool member. Are you sure if request is hitting correct VS?

0 Kudos

Vishal_Sinha
Nimbostratus
Nimbostratus

‎27-Aug-2020 08:28

yes, VIP has a Client SSL profile and i have default localhost certificate called in it. I have verified that we are hitting the right VIP. i did the tcpdump and saw the hits.

i am seeing this thing on many of my F5s that have default certificate called in the Client SSL Profile.

0 Kudos
Copyright © 2022 Khoros, LLC