I have couple of VIPs on LTM internet facing for set of external clients. I am always renewing their certidficates. I want to be able to test their cert are valid after renewing by running a basic connectivity test to the the clients VIPs. I had a look at using the CURL command on a linix box. Is there an alternative way of dong this?
Hi @Francisconero ,
I understand that you need to verify your new Cert which applied to a Virtual server related to some of your client.
> you can do this test by issuing your full url " https://host_name/path" , your web browser should not display any errors also you can verify your certificate from the Lock TAB which beside the search bar , if you use Mozilla FireFox Browser ( you will choose the Lock item >> Connection secure >> More information ) , you see all information regarding your new certificate such as " expiration date , CA Name and more..."
> I believe that this Virtual server is only related to your Clients , but I think you are able to reach their virtual server internally " Through VPN or Corp Network " if both of your vips are published behind a perimeter firewall or you can access it directly if both of virtual servers facing internet without a firwall a head of it , after that modify your hosts file in your PC by using any text editor APP and add ( your host name = virtual server IP ) which you want to test and seve your changes and exit.
> hence , when issuing " https://host_Name " it will directly mapped to your Virtual IP address through Bigip.
> you should access this web Page successfully without errors.
> if you do not want to modify in your hosts file , you can access your Virtual server directly by IP address
" https://x.x.x.x " but will recieve an ssl error in your web browser but you can read all needed info about new certificate from " Lock item >> Connection secure >> More information "
> Remember your Certificate is tied with your Domain name.
Do all of the above procedures after applying your new ssl certificate to targeted client ssl profile and test.
> Check these KBs as well it will be helpful :