Certifiacte
3 Topicsself-directed requests fail because of no certificate
Is there a way to whitelist a server so it can make requests from itself without needing to have a certificate? I use the F5 to provided CAC authentication for my site. It's a PHP server. During the setup process for the web application software we run on the server, the setup process needs to learn, test and record it's own URL and the URL of other web applications installed on the same server. These URLs are used later when generating HTML with absolute URL links in it. When the user types a URL in and submits it, the server will then make a request from that URL (where an API is waiting) to make sure it get's a valid response--verifying the URL is correct. This process fails, I'm assuming, because any requests of the server require you to have a CAC/Certificate. As such our software is unable to validate URLs. What can be done about this to allow it to work? Ideally it would be nice if the server was somehow whitelisted so it could make a self-directed request, but is there any other options?47Views0likes1CommentRedirect https to https virtual server Certificate question
Hi, i have to redirect a https request to a https virtual server , i have in mind to use an irule as follows: when HTTP_REQUEST { set url [HTTP::uri] if {[regexp {"STRING"} $url]} { virtual /Common/MyVirtual } } To do so , i have to set the HTTP profile (client) to http to be able to assing the corresponding Irule to the VS, but requests doesnt work as i have to select the SSL Profile , here the problem. i created a new SSL client profile and tried to set the Certificate Key chain, but doesnt work ( i think i did it wrong) The source https request is using a certificate, that i can see already stored at the F5 , inside file ca-bundle.crt , also from the source server i was able to get the certificate and tried to create a new certificate , but doesnt work , i think i'm missing the key or something. When creating the certificate it's mandatory to generate it as Certificate Authority? or it can be self? Note: i'm not very good at certificates with F5 , i know how to create irules, manage the F5 and so on .. but i'm lost with the certificates part. Thanks in advance.74Views0likes4CommentsQuestion regarding the SSL/TLS cipher and Certificate
Hi Folks, I have two question regarding SSL/TLS cipher and Certificate. We used the same ssl profile with same cipher suite on two different F5 VSs, and we tested SSL/TLS by Qualys SSL Labs. But we saw the different report. One of the website got the A grade, but the other website got the B grade, because the webpage didn't use the forward secrecy cipher suite. Why do we get the discrepancy report ? The other question: There were several WAF or Load balancer on the same network chain to handle the same traffic for the same website. It was like there is a user send the HTTPS request through the several proxy device and final reach the website. Why the user got the certificate problem If one of the proxy which wasn't placed on the first gave the wrong ssl certificate ? Wouldn't the first proxy unit handling client side ssl handshake? Regards, Ding531Views0likes4Comments