Forum Discussion

Skuba_85554
Jul 28, 2009

ssl logs

Hi everyone,

We've been using SSL termination for years without any problems, but recently I've implemented client certificate authentication for the first time. It seems to be working well, but we've got one customer who cannot connect to the web site. Unfortunately, it's one of those situations where I'm 99% sure the problem is at their end, but they want to know what we can see in our logs. Can someone let me know where BIG-IP writes its client authentication attempts?

Thanks

3 Replies

  • I don't think you'll see any connection failure logs. Your best bet for troubleshooting would probably be to capture a tcpdump of the client connection failure and then use ssldump on LTM to decode it. You'll need to start the tcpdump before the TCP connection from the client to VIP is established so you get the initial SSL handshake in the trace. You can then use ssldump to decode it:

    https://support.f5.com/kb/en-us/solutions/public/7000/800/sol7823.html

    tcpdump -i 0.0 -s0 -w/var/tmp/client_cert.dmp host CLIENT_IP

    ssldump -AdneN -r/var/tmp/client_cert.dmp -k/config/httpd/conf/ssl.key/server.key >/var/tmp/client_cert.txt

    Aaron
  • Also, make sure to change server.key to the SSL key used in your client SSL profile. If you see just APPLICATION_DATA in the ssldump output, the decryption has failed. If you want help deciphering the output, you might try opening a case with F5 Support.

    Aaron
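The capture-and-decode procedure from Aaron's two replies, wrapped in a small triage script. This is an added example, not code from the thread or from F5: the first two functions only run the tcpdump and ssldump commands quoted above (the key path is a placeholder you replace with your client SSL profile's key), and classify_ssldump reads ssldump's text output and prints one word for the common failure modes a defender wants to distinguish: capture started too late, client sent no certificate, a TLS alert, or bare application_data records with nothing decoded (the wrong-key symptom Aaron describes). The sample inputs at the bottom are constructed and only modelled on ssldump's output layout, so verify the header regex against real output from your LTM version before relying on it.

```shell
#!/bin/sh
# Added example (not from the original thread). Wraps the thread's capture/decode
# commands and adds a classifier for the resulting ssldump text.

# Step 1: start capturing before the client opens its TCP connection (thread's command).
capture_client_ssl() {  # usage: capture_client_ssl CLIENT_IP /var/tmp/client_cert.dmp
    tcpdump -i 0.0 -s0 -w"$2" host "$1"
}

# Step 2: decode with the private key from the client SSL profile. KEY is a path you
# supply; the thread's /config/httpd/conf/ssl.key/server.key is only a placeholder.
decode_capture() {      # usage: decode_capture DMP KEY /var/tmp/client_cert.txt
    ssldump -AdneN -r"$1" -k"$2" >"$3"
}

# Step 3: classify the decoded text (file argument, or stdin). Prints one of:
#   no_handshake       no Handshake record at all: tcpdump was started too late
#   no_client_cert     server sent CertificateRequest, client sent no Certificate
#   alert:LEVEL:VALUE  a TLS Alert was recorded (alert:encrypted if not decodable)
#   decryption_failed  only bare application_data records: wrong key, as Aaron notes
#   incomplete         handshake stopped before any application data, no alert seen
#   ok                 client Certificate seen and application data decoded
classify_ssldump() {
    awk '
    # record header, e.g. "1 3  0.0030 (0.0000)  S>C  Handshake"
    /^[0-9]+ +[0-9]+ +[0-9.]+ +\([0-9.]+\) +(C>S|S>C) +/ {
        dir = $5; type = $6; inapp = 0; inalert = 0
        if (type == "Handshake")        hs++
        if (type == "application_data") { app++; inapp = 1 }
        if (type == "Alert")            { alert = 1; inalert = 1 }
        next
    }
    inalert && /^ +level/ { alvl = $2 }
    inalert && /^ +value/ { aval = $2 }
    inapp   && /^ +[^ ]/  { decoded = 1 }   # decrypted payload printed under the record
    dir == "S>C" && /^ +CertificateRequest$/ { certreq = 1 }
    dir == "C>S" && /^ +Certificate$/        { clientcert = 1 }
    END {
        if (hs == 0)                     print "no_handshake"
        else if (certreq && !clientcert) print "no_client_cert"
        else if (alert)                  print (aval == "" ? "alert:encrypted" : "alert:" alvl ":" aval)
        else if (app && !decoded)        print "decryption_failed"
        else if (app == 0)               print "incomplete"
        else                             print "ok"
    }' "$@"
}

# Constructed samples (not real ssldump output); the server half of the handshake is shared.
sample_prefix() { cat <<'EOF'
New TCP connection #1: 203.0.113.10(51000) <-> 198.51.100.5(443)
1 1  0.0010 (0.0010)  C>S  Handshake
      ClientHello
1 2  0.0030 (0.0020)  S>C  Handshake
      ServerHello
1 3  0.0030 (0.0000)  S>C  Handshake
      Certificate
1 4  0.0030 (0.0000)  S>C  Handshake
      CertificateRequest
1 5  0.0030 (0.0000)  S>C  Handshake
      ServerHelloDone
EOF
}
# Client presents a certificate and the right key was used, so the HTTP request decodes.
sample_ok() { sample_prefix; cat <<'EOF'
1 6  0.0400 (0.0370)  C>S  Handshake
      Certificate
1 7  0.0400 (0.0000)  C>S  ChangeCipherSpec
1 8  0.0400 (0.0000)  C>S  Handshake
      Finished
1 9  0.0500 (0.0100)  C>S  application_data
    ---------------------------------------------------------------
    GET / HTTP/1.1
EOF
}
# Same handshake decoded with the wrong key: everything after ChangeCipherSpec stays opaque.
sample_wrong_key() { sample_prefix; cat <<'EOF'
1 6  0.0400 (0.0370)  C>S  Handshake
      Certificate
1 7  0.0400 (0.0000)  C>S  ChangeCipherSpec
1 8  0.0400 (0.0000)  C>S  Handshake
1 9  0.0500 (0.0100)  C>S  application_data
1 10 0.0510 (0.0010)  S>C  application_data
EOF
}
# Client answers the CertificateRequest without a certificate; the server aborts.
sample_no_cert() { sample_prefix; cat <<'EOF'
1 6  0.0400 (0.0370)  C>S  Handshake
      ClientKeyExchange
1 7  0.0410 (0.0010)  S>C  Alert
    level           fatal
    value           handshake_failure
EOF
}
# tcpdump started after the handshake: only encrypted records were captured.
sample_late() { cat <<'EOF'
New TCP connection #1: 203.0.113.10(51000) <-> 198.51.100.5(443)
1 1  0.0000 (0.0000)  C>S  application_data
1 2  0.0020 (0.0020)  S>C  application_data
EOF
}
```

On the LTM you would run `capture_client_ssl CLIENT_IP /var/tmp/client_cert.dmp`, reproduce the failure, stop tcpdump, then `decode_capture /var/tmp/client_cert.dmp /path/to/profile.key /var/tmp/client_cert.txt` and `classify_ssldump /var/tmp/client_cert.txt`. The classifier deliberately checks for the missing client Certificate before looking at alerts, because the Certificate and CertificateRequest messages are sent in the clear in TLS 1.0 to 1.2 and are therefore visible even when the key is wrong, whereas the alert that follows may itself be encrypted.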