Forum Discussion

Jeff_Knights_44
Aug 13, 2013

Setting up internal and external SSL for server that MUST see internal SSL for APP to work

I have set up a VIP that has an SSL redirect on the outside of the F5, and then used a self-signed SSL on the inside so the server will be accessed via port 443. We are using version 11.2.1.

 

The problem is, when you hit the external VIP the browser sits and spins until you either stop it or put the cursor to the right of the address and hit enter again and the application will respond with no problems....

 

This has been tried on several systems from different locations and it is always the same response as described above....

 

Any ideas?

 

13 Replies

  • nathe

    Jeff, does using the v switch with curl (for verbose) give any more? curl -kv https://mydomain.com

     

    What about running SSLDUMP on the ltm, e.g. ssldump -Aed -nni 0.0 host x.x.x.x and port 443

     

    Do either of these help you further? N

     

  • I would definitely do an SSLDUMP as nathan suggests. Because you have the server private key, as applied in the client SSL profile, you can use that in the SSLDUMP to see the encrypted data:

     

    ssldump -k -AdNn -i 0.0 host x.x.x.x and port 443

     

  • I think I found the problem....

     

    When I initially built the VIPs on port 443, the directions I was using said to use a Default Persistence Profile of "SSL"

     

    I switched the DPP to use our custom cookie we built for use on other HTTPS sites in our domain and it is now working the way it is supposed to.

     

    Thanks for the help, guys, the curl is how I found it...