SSL monitor fails after hotfix
We have two F5 LTMs in a Sync-Failover pair. They're load balancing some critical production services. They are automatically sync'ed. I've just applied Hotfix 6.0.442 to the standby.
After the reboot, one of our services failed. The service that failed is a web (Apache/Tomcat). The health monitor for the service pool uses an HTTPS GET to check the content of a web page. I've enabled monitor logging and the log shows:
(_recv_active_service_ping): read failed [ addr=::ffff:xxx.xxx.xxx.xxx:443 srcaddr=::ffff:xxx.xxx.xxx.xxx%0:56209 ]
2015-12-08 17:17:03.843802: ID 560 :(_recv_active_service_ping): Response did not match recv regex yet [ addr=::ffff:xxx.xxx.xxx.xxx:443 srcaddr=::ffff:xxx.xxx.xxx.xxx%0:56209 ].
Trying to get the URL from the command line using curl also fails with a certificate error, so I'm assuming that this is causing the problem, although this was working before the application of the hotfix.
So, I've got a couple of questions:
- The primary has not had the hotfix applied - would applying this to the standby cause anything to change on the primary?
- Has anyone experienced issues with SSL certificates and health monitors?
- Is there anything in the hotfix that could cause this?
I'm now a bit nervous about applying the hotfix to the primary and considering rolling back the secondary.