Forum Discussion

dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
May 25, 2015

serverssl profile with only certifikate - v10.0.1

Hi,   I have VS with serverssl profile assigned that has only certificate configured, no private key. As far as I ubderstand purpose of assigning certificate to serverssl it doesn't make sense.  ...
application delivery
deployment
design
LTM
security
nitass_89166's avatar
nitass_89166
Icon for Noctilucent rankNoctilucent

Such configuration is required only when LTM should be able to perform certificate based authentication as client - when target server is requiring it. Without private key it is not possible - Am I right here?

 

i agree.

 

When default serverssl profile is assigned to the same server (so no cert and no private key) communication with target server is no more working.

 

have you tried tcpdump/ssldump? what did you get?

 

dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
May 25, 2015
I have no direct access to the system, waiting for dump to be provided. Still profile that is working is only different from build in serverssl in are of certificate assigned. All other setting are the same as in build in profile - a bit strange that result of using build in profile is loss of communication with target server. Here is working profile server-ssl some_name { alert-timeout 60 authenticate once authenticate-depth 9 authenticate-name none ca-file none cache-size 20000 cache-timeout 3600 cert some.crt chain none ciphers DEFAULT crl-file none defaults-from serverssl handshake-timeout 60 key none mod-ssl-methods disabled mode enabled options { dont-insert-empty-fragments } partition Common passphrase none peer-cert-mode ignore renegotiate-period indefinite renegotiate-size indefinite strict-resume disabled unclean-shutdown enabled I was suspecting issues with ciphers but custom profile and build in profile are both using DEFAULT Piotr