Forum Discussion
nitass_89166
Noctilucent
Such configuration is required only when LTM should be able to perform certificate based authentication as client - when target server is requiring it. Without private key it is not possible - Am I right here?
i agree.
When default serverssl profile is assigned to the same server (so no cert and no private key) communication with target server is no more working.
have you tried tcpdump/ssldump? what did you get?
dragonflymr
May 25, 2015Cirrostratus
I have no direct access to the system, waiting for dump to be provided. Still profile that is working is only different from build in serverssl in are of certificate assigned. All other setting are the same as in build in profile - a bit strange that result of using build in profile is loss of communication with target server.
Here is working profile
server-ssl some_name {
alert-timeout 60
authenticate once
authenticate-depth 9
authenticate-name none
ca-file none
cache-size 20000
cache-timeout 3600
cert some.crt
chain none
ciphers DEFAULT
crl-file none
defaults-from serverssl
handshake-timeout 60
key none
mod-ssl-methods disabled
mode enabled
options { dont-insert-empty-fragments }
partition Common
passphrase none
peer-cert-mode ignore
renegotiate-period indefinite
renegotiate-size indefinite
strict-resume disabled
unclean-shutdown enabled
I was suspecting issues with ciphers but custom profile and build in profile are both using DEFAULT
Piotr