LTM HTTPS connection on non port 443

Question

I have users connecting to a web server on either HTTP or HTTPS as the initial connection via my F5 LTM.  Within this web page, there is another link that when click it attempts to open up a HTTPS session on port 8443.  
&nbsp;I am unable to get this working through my F5 LTM.&nbsp;
&nbsp;My setup simply includes a Virtual Server using a HTTP2HTTPS profile with a service port of 8443, pointing at a default resource pool which includes the single IP address of the real web server IP address.&nbsp;
&nbsp;When i connect directly to the web server (bypass the F5) i can open the HTTPS session on port 8443 successfully.  This indicates that something is either misconfigured in the F5 or this type of connection is unsupported bu the F5.&nbsp;
&nbsp;I am completely lost.  Any assistance is appreciated !&nbsp;&nbsp;&nbsp;&nbsp;

chris_miller · Answer

What do you mean by "http2https profile?" 
&nbsp;  
&nbsp; Your Virtual Server should be listening on 8443 and if you're terminating the SSL connection, you should have a client_ssl profile too. Is this the case?

dave_22257 · Answer

Sorry I just realized that my HTTP2HTTPS is a custom HTTP profile I have selected for use by the VIP, its simply a modified HTTP profile which has the Redirect ReWrite checked and set to ALL. 
&nbsp;  
&nbsp; Yes, my VIP is listening on port 8443 (I presume you are referring to the service port), and yes I do have a client_ssl profile defined and does work.  If the initial request is on HTTPS/443, the certificate is loaded accordingly and the connection is established accordingly.  Its only when I click on the link (HTTPS:8443) within this web page that is causing me the issue, I still get prompted for the certificate.

dave_22257 · Answer

Simple solution in the end.  needed to enable serverside SSL profile.

Forum Discussion

LTM HTTPS connection on non port 443

3 Replies

Recent Discussions

SMS server with BIGIP

F5 terminal - help to run commands - disk space full

Can iRule be used to perform exception of IPI category based on Geolocation

[ASM] - what is "Browser Challange file" ?

LDAPS and renegotiation

Related Content

Cannot modify Alias Service Port of a HTTP monitor

iRule redirect connection to pool on differente port

Current connections vs CLI show sys connections

HTTP Health Monitor Failure Behavior

Bypassing ASM on HTTP response