Forum Discussion
Hi Javier,
How are you accessing the virtual server? ; or
Make your browser trust your internal CA certificate. Shows that the cert is self-signed.
CN = myou? this should be a fully qualified domain name.
- Javier_Somoza_3Sep 18, 2017Nimbostratus
Hi eben Thanks for your answer.
Im accesing using the domain-name because the ltm profile (and the backend server configuration) is based on the hostheader.
True, my firefox does not trust the CA cert. Anyway, my chrome and explorer do trust but does not work either...
Don worry about that CN, i have changed it when sending the post to show a fake name
Thanks!
- ebenSep 18, 2017Nimbostratus
What error do you get from Chrome or IE? Please be more specific.
Also switch the serverssl profile to the one that has secure-incompatible.
Regards
- Javier_Somoza_3Sep 18, 2017Nimbostratus
The browser simply returns ERR_CONNECTION_RESET
I havent explained correctly, but the correct connection flow would be:
Client --> F5 (VS Rev.Proxy) --> F5 (VS Balanced Web Servers) --> Web Server nodes
I think the problem is not at the serverssl profile level because i cannot see any packet using tcpdump destinated to the second VS (the balancing one) when causing the problem in the browser. Anyway tried the serverssl profile insecure-compatible but no success.
- Javier_SomozaSep 18, 2017Nimbostratus
Mmmm, maybe its neccesary to configure the ssl profile in the VS dedicated to balance the web servers?
- Javier_SomozaSep 18, 2017Nimbostratus
Yeah! That was the problem. Sorry, forgot to mention the connection to the second virtual server.
But, what is behind the virtual server there are several published sites with multiple certificates? What would be the correct way to configure the SSL in the virtual server?
- ebenSep 18, 2017Nimbostratus
SERVER NAME INDICATION (SNI). it is a feature in the ssl profile. you can check it out here;
https://devcentral.f5.com/articles/ssl-profiles-part-7-server-name-indication
HTH
eben.
- Javier_SomozaSep 18, 2017Nimbostratus
Thank you very much!