Hi to F5 DevCentral,
The SSL certificate (configured in our F5 load balancer) of one of our F5-hosted websites will be expiring soon.
After I configured a new SSL certificate in F5 for that website, browsing the website (using Google Chrome) displays the following error message:
This site can't provide a secure connection.
<the website's domain name> uses an unsupported protocol.
Does this mean that something is wrong with the new SSL certificate?
This message indicates that the SSL version or the Cipher list supported by the F5 and its peer (the client) doesn't match.
You should do a tcpdump on the client or on the F5 system to check the ssl handshake. You may see that there is no matching ciphers between the browser and the VS.
It turned out that the F5-hosted website had some existing configurations in a Palo Alto firewall. (i.e. an SSL certificate, and a decryption rule)
Browsing the website finally worked, after I used its new SSL certificate to update the relevant configurations in both the Palo Alto firewall and the F5 load balancer.