Forum Discussion
- Moe_JartinCirrusAgreed. The fix for us was to remove the SSL health check one-by-one from each of the pools. We finally found one pool that was causing the issue. To be clear though, this is not a problem with the pool but rather a change in behavior on the F5 side from 10.x to 11.x. I still think F5 needs to fixed the issue or give the option to ignore untrusted certs for health checks (or whatever is the root cause of the error).
- emilio_104458NimbostratusPosted By nitass on 07/09/2012 07:30 AM
https HTTPS Common
https_443 HTTPS Common
https_head_f5 HTTPS Common
- nitassEmployeecan you list all the https monitors you have?
- emilio_104458NimbostratusPosted By nitass on 07/09/2012 08:28 AM
- nitassEmployeei am not sure but would you mind trying custom https monitor with cipherlist ALL instead?
root@ve10(Active)(tmos) list ltm monitor https myhttps ltm monitor https myhttps { cipherlist "ALL" compatibility "enabled" defaults-from https destination *:* interval 5 send "GET /\r\n" time-until-up 0 timeout 16 }
- emilio_104458Nimbostratusnothing :(
- nitassEmployeeis the pool member really running https service?
- emilio_104458Nimbostratus[root@f5:Active] config curl https://192.168.32.129:443
- nitassEmployee[root@f5:Active] config curl https://192.168.32.129:443 can you try "-Ik" option? will you still get an error?
- emilio_104458Nimbostratuswith -IK opation, works