Forum Discussion
NimbostratusSSL Termination troubleshooting
Hello Experts, This is the first time I am configuring SSL termination and getting page cannot be displayed.
The SSL cert is on the server. It work when we use standard profile without SSL termination. We export and import the server SSL cert to F5; converted the profile to HTTP. Under the SSL client profile, I pick the cert/key we imported to F5. Under the SSL server profile, I picked the default serverssl.
Is this the right config?
We are getting page cannot be displayed from the webserver. What can I look at on F5 to troubleshoot?
2 Replies
- Kevin_Stewart
Employee
Okay, just to be clear:
- Standard VIP
- HTTP profile
- Client SSL profile with cert and key exported from the server
- Server SSL profile (the generic serverssl profile)
-
A pool
-
And it works without the SSL profiles and HTTP profile, correct?
Does the back end server require a client cert?
The first thing I'd do is take a look at the LTM log for any SSL-related errors. YOu may also want to try the serverssl-insecure-compatible profile and see if that makes a difference. If that doesn't work, you'll probably want to try an SSLDUMP capture on either side of the proxy:
ssldump -k [path to private key] -AdNn -i 0.0 port 443 [and additional filters]Any SSL errors should show up in these captures.
Amitabha_118500Yes to all 1-6. Back end server does not require a client cert. We also tried remove the SSL from the server so traffic from F5 to the backend server is clear. it's also not working.
I tried the serverssl-insecure-compatible. Looks like it's working now. Doing more testing.
