Forum Discussion
masajjad
Jul 23, 2020Cirrus
Appreciate your reply Lidev. Earlier same client side cert was installed on Tomcat server. Now that wildcard is expiring Security does not want us to install new client cert on back end. We installed a new cert on back-end that was signed by our "local CA". F5 knows that local CA. From tcpdump we see can see that new cert being used to secured communication between F5 (self IP) and pool member (only one server in the back-end). Afterwards we also see VS (not self IP) is also sending the new cert as part of SSL handshake that is where application breaks. Hope it shades some light. Thanks.