Certificate error from F5 virtual server

Nimbostratus

Mar 31, 2017

Sounds like you are passing SSL through to the server, so the server is presenting it's certificate when the client connects. Of course, with only the 'individual' certificates on the servers then that is what the user will see when they try to connect.

A few starter options:

1) Replace cert/key on all servers with new certificate for 'easysite.com'. Sounds like you want individual certs on each server when you connect directly, though.

2) Get a new certificate for 'easysite.com' and use it in a client-ssl profile on the BIGIP. Associate the client-ssl profile with the virtual server, as well as a server-ssl profile to re-encrypt traffic to the servers. In this scenario the BIGIP is terminating client SSL and presenting the easysite.com certificate to the client. By default the server-ssl profile doesn't verify the server certificate, so no changes needed on the pool members.

3) Get a new certificate for 'easysite.com', load it (and key) on all of your web servers alongside existing cert/key, and configure them to use SNI to determine which certificate to present to the client.

Forum Discussion

Certificate error from F5 virtual server

Recent Discussions

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

Related Content

Trouble applying GoDaddy certificate to a virtual server

Check a Virtual Server's SSL Status

Virtual Server graphical App for F5 LTM

virtual server config

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server