I came across a strange behaviour while performing a SSL certificate renewal for a VIP. My VIP have two service ports 2040 and HTTPS. The HTTPS vip is not accessible via the browser. Both VIPs are configured client and server ssl profiles and both profiles are using the same cert/key pair.
Once I have performed the certificate renewal on the F5 and when I did the test on the qualys ssl labs I was still seeing the old certificate. But on the 2040 VIP when I access it via the browser I can see the new certificate there already. Generally when I perform a certificate renewal on a VIP it will reflect immediately on browser/qualys ssl labs. I have tried all the possibilities in qualys ssl labs such as clearing the cache but the results were same until the backend server team updated the certificate on their end as well.
I still don’t understand how this is possible as in once we have the client ssl profile configured on a VIP the client will always see the certificate on the F5 only.
is there any things I’m missing in F5 configuration to check?