Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 

testing ssl certificate


I have couple of VIPs on LTM internet facing for set of external clients. I am always renewing their certidficates. I want to be able to test their cert are valid after renewing by running a basic connectivity test  to the the clients VIPs.  I had a look at using the CURL command on a linix box.  Is there an alternative way of dong this?


Hi @Francisconero , 
      I understand that you need to verify your new Cert which applied to a Virtual server related to some of your client. 
>  you can do this test by issuing your full url " https://host_name/path" , your web browser should not display any errors also you can verify your certificate from the Lock TAB which beside the search bar , if you use Mozilla FireFox Browser ( you will choose the Lock item >> Connection secure >> More information )  ,  you  see all information regarding your new certificate such as " expiration date , CA Name and more..." 

> I believe that this Virtual server is only related to your Clients , but I think you are able to reach their virtual server internally " Through VPN or Corp Network " if both of your vips are published behind a perimeter firewall or you can access it directly if both of virtual servers facing internet without  a firwall a head of it , after that modify your hosts file in your PC by using any text editor APP and add ( your host name = virtual server IP ) which you want to test and seve your changes and exit. 

> hence , when issuing " https://host_Name " it will directly mapped to your Virtual IP address through Bigip. 
> you should access this web Page successfully without errors. 

> if you do not want to modify in your hosts file , you can access your Virtual server directly by IP address

" https://x.x.x.x " but will recieve an ssl error in your web browser but you can read all needed info about new certificate from "   Lock item >> Connection secure >> More information " 

> Remember your Certificate is tied with your  Domain name. 
Do all of the above procedures after applying your new ssl certificate to targeted client ssl profile and test. 

> Check these  KBs as well it will be helpful :  
and this 

GoodLuck ! 

Mohamed Kansoh

Community Manager
Community Manager

This site is useful to test out TSL destinations:

You could also use cryptonice at the command line: