testing ssl certificate

Question

I have couple of VIPs on LTM internet facing for set of external clients. I am always renewing their certidficates. I want to be able to test their cert are valid after renewing by running a basic connectivity test&nbsp; to the the clients VIPs.&nbsp; I had a look at using the CURL command on a linix box.&nbsp; Is there an alternative way of dong this?

mohamed_ahmed_kansoh · Answer

Hi&nbsp;Francisconero&nbsp;,&nbsp;&nbsp; &nbsp; &nbsp; I understand that you need to verify your new Cert which applied to a Virtual server related to some of your client.&nbsp;&gt;&nbsp; you can do this test by issuing your full url " https://host_name/path"&nbsp;, your web browser should not display any errors also you can verify your certificate from the Lock TAB which beside the search bar , if you use Mozilla FireFox Browser ( you will choose the Lock item &gt;&gt; Connection secure &gt;&gt; More information )&nbsp; ,&nbsp; you&nbsp; see all information regarding your new certificate such as " expiration date , CA Name and more..."&nbsp;&gt; I believe that this Virtual server is only related to your Clients , but I think you are able to reach their virtual server internally " Through VPN or Corp Network " if both of your vips are published behind a perimeter firewall or you can access it directly if both of virtual servers facing internet without&nbsp; a firwall a head of it , after that modify your hosts file in your PC by using any text editor APP and add ( your host name = virtual server IP ) which you want to test and seve your changes and exit.&nbsp;&gt; hence , when issuing " https://host_Name&nbsp;" it will directly mapped to your Virtual IP address through Bigip.&nbsp;&gt; you should access this web Page successfully without errors.&nbsp;&gt; if you do not want to modify in your hosts file , you can access your Virtual server directly by IP address" https://x.x.x.x&nbsp;" but will recieve an ssl error in your web browser but you can read all needed info about new certificate from "&nbsp;&nbsp; Lock item &gt;&gt; Connection secure &gt;&gt; More information "&nbsp;&gt; Remember your Certificate is tied with your&nbsp; Domain name.&nbsp;Do all of the above procedures after applying your new ssl certificate to targeted client ssl profile and test.&nbsp;&gt; Check these&nbsp; KBs as well it will be helpful :&nbsp;https://support.f5.com/csp/article/K20381201&nbsp;&nbsp;and this&nbsp;https://support.f5.com/csp/article/K13349&nbsp;GoodLuck !&nbsp;

jrahm · Answer

This site is useful to test out TSL destinations:&nbsp;https://www.ssllabs.com/ssltest/
You could also use cryptonice at the command line:&nbsp;https://github.com/F5-Labs/cryptonice

Forum Discussion

testing ssl certificate

2 Replies

Recent Discussions

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Related Content

Thumbprint of the client ssl certificate

Implementing SSL Orchestrator - Certificate Considerations

Khoros article scheduling test

SSL Certificate Report

SSL Client Certification Alert 46 Unknown CA