https virtual server terminating ssl at end servers side

Question

Hi, 
&nbsp; I am new in F5, I have some problem since several days in 
putting in place https virtual server terminating ssl at end servers 
(https end to end). 
&nbsp; I have configure: 
&nbsp; - 1 virtual server listening: https://10.0.0.1:10095 
&nbsp; - 1 pool servers with 2 nodes 
&nbsp; - 1 ssl client profile with certificat and key imported from end server 
&nbsp; - no ssl server profile 
&nbsp;  
&nbsp; When I run tests with the url: https://10.0.0.1:10095, I get the error below. 
&nbsp; It seem that the F5 is seeing http request instead of https. 
&nbsp;  
&nbsp; //////////////////////// 
&nbsp; Bad Request 
&nbsp; Your browser sent a request that this server could not understand. 
&nbsp;  
&nbsp; Reason: You're speaking plain HTTP to an SSL-enabled server port. 
&nbsp; Instead use the HTTPS scheme to access this URL, please. 
&nbsp;  
&nbsp;     Hint: https://10.0.0.1:10095/ 
&nbsp; ////////////////////// 
&nbsp;  
&nbsp; I also create an irule redirecting http to https, but it still not working. 
&nbsp;  
&nbsp;  when HTTP_REQUEST {  
&nbsp;      If it's not an HTTPS connection, send a redirect  
&nbsp;     if {not ($https)}{  
&nbsp;        HTTP::redirect https://[HTTP::host]:10095 
&nbsp;     }  
&nbsp;  }  
&nbsp; when HTTP_RESPONSE {  
&nbsp;      
&nbsp;     if {[HTTP::is_redirect]}{   
&nbsp;      Rewrite the Location header from http to https  
&nbsp;        HTTP::header replace Location [string map -nocase {http:// https://} [HTTP::header value Location]]   
&nbsp;     }  
&nbsp;  } 
&nbsp;  
&nbsp;  
&nbsp; Thank you for your help. 
&nbsp; Maybe, I missed something on my configuration or a mistake.

hooleylist · Answer

Do you want to pass the SSL through unencrypted?  If so, then you shouldn't add a client SSL or HTTP profile to the VS.  If you want to decrypt and then re-encrypt the SSL, then you must add a client and server SSL profile to the VS. 
&nbsp;  
&nbsp; Aaron

menzo_110968 · Answer

I want to decrypt and then re-encrypt the SSL. 
&nbsp; - I already tried with both client and server SSL profile (same cert/key), but it didn't work. 
&nbsp; Whatever the solution, I need to make it work. 
&nbsp;  
&nbsp; Thank you for your help. 
&nbsp; Menzo

nathe · Answer

So if you want to decrypt and then re-encrypt you will definitely need both a client and server ssl profile setting up, as Aaron mentioned previously.&nbsp;
&nbsp;If that still isn't working then, at a guess, could it be that you are listening on a random port (other than ssl port 443)? How have you setup the service port on the two pool members - are they set as 443? What port on the physical node itself is listening for ssl traffic? If that is only set as 443 then I imagine it may presume your random port is http, hence the failure. Or it could be port translation not checked?&nbsp;
&nbsp;This is totally a shot in the dark but thought it still worth mentioning - you never know.&nbsp;
&nbsp;N&nbsp;&nbsp;

Forum Discussion

https virtual server terminating ssl at end servers side

3 Replies

Recent Discussions

SMS server with BIGIP

F5 terminal - help to run commands - disk space full

Can iRule be used to perform exception of IPI category based on Geolocation

[ASM] - what is "Browser Challange file" ?

LDAPS and renegotiation

Related Content

Check a Virtual Server's SSL Status

Virtual Server graphical App for F5 LTM

virtual server config

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Integrating SSL Orchestrator with Fortinet FortiGate Virtual Edition as a Virtual Wire