Forum Discussion
nitass
May 25, 2015Employee
Such configuration is required only when LTM should be able to perform certificate based authentication as client - when target server is requiring it. Without private key it is not possible - Am I right here?
i agree.
When default serverssl profile is assigned to the same server (so no cert and no private key) communication with target server is no more working.
have you tried tcpdump/ssldump? what did you get?
- dragonflymrMay 25, 2015CirrostratusI have no direct access to the system, waiting for dump to be provided. Still profile that is working is only different from build in serverssl in are of certificate assigned. All other setting are the same as in build in profile - a bit strange that result of using build in profile is loss of communication with target server. Here is working profile server-ssl some_name { alert-timeout 60 authenticate once authenticate-depth 9 authenticate-name none ca-file none cache-size 20000 cache-timeout 3600 cert some.crt chain none ciphers DEFAULT crl-file none defaults-from serverssl handshake-timeout 60 key none mod-ssl-methods disabled mode enabled options { dont-insert-empty-fragments } partition Common passphrase none peer-cert-mode ignore renegotiate-period indefinite renegotiate-size indefinite strict-resume disabled unclean-shutdown enabled I was suspecting issues with ciphers but custom profile and build in profile are both using DEFAULT Piotr