Forum Discussion

NlbGeek_5198
Mar 22, 2013

VIP with Client side Cert and Server side Cert

Hi,

I am pretty new to DevCentral and not sure if this question belongs here.

As mentioned in the summary field: "Having issues with F5 VIP and Server side Self signed cert on Apache Tomcat/7.0.37"

In the past I have configured a VIP with a client-side (Verisign) and server-side (self-signed) SSL certificate for an IIS web server to capture X-Forwarded-For messages, which works like a charm.

But recently I got into a situation where I cannot get the VIP working with client-side and server-side SSL certificates with Tomcat.

My server team guy created a self-signed certificate and installed it on TCP port 10000 on Apache Tomcat/7.0.37, and on the VIP configuration used both "serverssl" and "serverssl-insecure-compatible" from the dropdown, but the page does not load.

On the client-side SSL, I have a Verisign certificate.

If I go to the page directly in my browser, https://10.*.*.*:10000, it works fine, and I can see in my browser that the certificate is exactly the same cert that has been installed on the server.

Please let me know if anyone can help me in this case.

I can explain in detail if my wording is not good.

Thanks.

2 Replies

  • Have you tried ssldump to see what was going on?

    sol10209: Overview of packet tracing with the ssldump utility

    http://support.f5.com/kb/en-us/solutions/public/10000/200/sol10209.html
  • I get the following message on the F5 talking to the server:

        2 2 0.0030 (0.0019) S>C Alert
            level fatal
            value handshake_failure

    Not sure what it means.
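
For reading output like the alert quoted in the last reply, the following added example (not part of the thread, and not F5 or ssldump code) parses ssldump text and reports each fatal alert, which side sent it, and the record that preceded it on the same connection. The sample trace is constructed: only the Alert record mirrors the thread, while the addresses and the ClientHello record are assumptions.

```python
import re

# ssldump record header: conn#, record#, time, (delta), direction, record type
HEADER = re.compile(r"^(\d+)\s+(\d+)\s+[\d.]+\s+\([\d.]+\)\s+([CS]>[CS])\s+(\S+)")

# Constructed sample; only the Alert record matches what the thread shows.
SAMPLE = """\
New TCP connection #2: 10.0.0.5(41000) <-> 10.0.0.9(10000)
2 1  0.0011 (0.0011)  C>S  Handshake
      ClientHello
        Version 3.1
2 2  0.0030 (0.0019)  S>C  Alert
    level           fatal
    value           handshake_failure
"""

def parse_records(text):
    """Split ssldump text into records, each with its indented detail lines."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({"conn": int(m.group(1)), "rec": int(m.group(2)),
                            "dir": m.group(3), "type": m.group(4), "detail": []})
        elif records and line[:1].isspace() and line.strip():
            records[-1]["detail"].append(line.strip())
    return records

def fatal_alerts(records):
    """Report each fatal alert, who sent it, and what preceded it on that connection."""
    findings, last = [], {}
    for r in records:
        if r["type"] == "Alert":
            pairs = (d.split(None, 1) for d in r["detail"])
            fields = {p[0]: p[1] for p in pairs if len(p) == 2}
            if fields.get("level") == "fatal":
                prev = last.get(r["conn"])
                after = (prev["detail"][0] if prev["detail"] else prev["type"]) if prev else None
                # C is the side that opened the TCP connection (the BIG-IP in a
                # server-side capture, an assumption here); S is the pool member.
                sender = "server" if r["dir"] == "S>C" else "client"
                findings.append({"conn": r["conn"], "sender": sender,
                                 "alert": fields.get("value"), "after": after})
        last[r["conn"]] = r
    return findings

if __name__ == "__main__":
    for f in fatal_alerts(parse_records(SAMPLE)):
        print(f"conn {f['conn']}: {f['sender']} sent fatal {f['alert']} after {f['after']}")
```

Per the TLS specification, a handshake_failure alert means its sender was unable to negotiate an acceptable set of security parameters from the options offered, so the record that precedes it shows which offer was rejected.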