Forum Discussion
Kevin_Stewart
Jul 31, 2013Employee
The certificate error doesn't have anything to do with server response, at least not from a layer 7 (HTTP) perspective. When a client initiates an SSL session with a server, the server's immediate response (during the SSL negotiation and BEFORE any HTTP traffic) is a SERVERHELLO message. This is when it presents its certificate to the client. If that certificate 1) contains a subject name that is DIFFERENT than the name the client asked for, or 2) the client cannot establish a trust relationship based on its own explicit trust store, the user will see the certificate error message. So, if you have a clientssl profile assigned to the VIP, and that profile is using a certificate that has a subject of "irec.fgbapps.local", the client is asking for "https://irec.fgbapps.local", and the client can trust the issuer of that certificate, then another likely cause of the certificate error is some communication from the server that is redirecting the client to another host name. The best way to assess this is to capture the client (browser) side interaction with something like Fiddler.