Forum Discussion

Nimbostratus

Aug 21, 2013

How to troubleshoot SSL server profile?

Hi I'm trying to work out where my connection is going wrong. I have setup a VIP with both a client and server SSL profile so the nodes receive traffic on 443. What commands should I use from ...

Cirrostratus

Aug 21, 2013

You can capture a tcpdump first to see that up to L4 is working and then use ssldump with the server's SSL private key to check that SSL is working:

sol411: Overview of packet tracing with the tcpdump utility https://support.f5.com/kb/en-us/solutions/public/0000/400/sol411.html

tcpdump -ni 0.0 -s0 -w /var/tmp/trace.1.dmp host CLIENT_IP or host SERVER_IP replace CLIENT_IP and SERVER_IP with the client and pool member(s) IPs

SOL10209 - Overview of packet tracing with the ssldump utility https://support.f5.com/kb/en-us/solutions/public/10000/200/sol10209.html?sr=31391333

ssldump -AedHr /var/tmp/trace.1.dmp -Nk /var/tmp/private.key > /var/tmp/ssldump.txt

Aaron

Forum Discussion

How to troubleshoot SSL server profile?

Recent Discussions

F5 ASM logging profile to specify source IP

Portal Access to HTTPS resources slow

Cannot login to Avaya wanx using f5 apm network access

Hi All, We have viprion 4300 with 4450 blades with 6 blades all blades having same configuration

Can iRule be used to perform exception of IPI category based on Geolocation

Related Content

How can I configure Server SSL Profiles to connect to different URLs on the same server?

VIP and SSL Profile Inventory

HTTPS communication and client and server ssl profile

SSL Profile Cipher

ASM Logging profile w/ Remote Storage