Forum Discussion
13 Replies
- Kevin_StewartEmployee
So a client SSL profile and a server SSL profile applied to the VIP? What is the "SSL redirect"?
- Jeff_Knights_44Nimbostratus
the ssl redirect on the outside is to get the traffic from port 80 to port 443 on the external side.
then the traffic comes in and stays as port 443, the F5 offloads the external CERT and applies an internal cert (self signed) for the traffic between the F5 and the Application Server, so the internal server sees the user come in as port 443
- melcaniacCirrusWhen you are saying that you hit the external VIP, which virtual server are you hitting, the port 80 (HTTP) or 443 (443)? It sounds like your problem is with the SSL redirect. How are you redirecting SSL, via iRule?
- Jeff_Knights_44Nimbostratus
this is a standard ssl redirect from port 80 to port 443 using the Irule from F5
- Jeff_Knights_44Nimbostratus
the difference is in the rest of the question
- natheCirrocumulus
The SSL Profile (Server) you're using, is it the default one, serverssl, or a custom one you've created?
- Jeff_Knights_44Nimbostratus
a custom one derived from the original serverssl, no changes were made
- melcaniacCirrus
It would help to know if you are having a problem with the HTTP or HTTPS virtual server. If you are using Fiddler or cURL, what are your response headers when making a request to the HTTP virtual server?
If I try "curl -I http://mydomain.com" you should be getting a status code returned. What kind of response do you get if you try "curl -Ik https://mydomain.com"
- natheCirrocumulus
And have you got the external cert installed onto the server itself (the same as on the f5 client ssl profile)? I'd probably look to do an ssldump to see if that gives any clues (http://support.f5.com/kb/en-us/solutions/public/10000/200/sol10209.html)
Hope this helps
- Jeff_Knights_44Nimbostratus
when I do the "curl -Ik https://mydomain.com" I hit enter and the cursor goes to the next line and nothing comes back, it acts llike its waiting for something, the same way the browser screen does...
if I ctrl-c out of it and reinput the same line it immediately comes back with the proper page...
if I close the terminal and reopen a new terminal screen, re-input the site, and it just sits there...