HTTPS Monitor failing after upgrade to v11.4(HF3)
Hi folks.
We recently upgraded from 10.2.4(HF5) to 11.4.1(HF3) and have come across a strange problem with a HTTPS monitor. I have done some testing and can see the following:
pool member = 10.5.6.7:10443. Default HTTPS monitor = FAILS pool member = 10.5.6.7:443. Default HTTPS monitor = WORKS pool member = 10.5.6.7:10443. Default HTTPS_443 monitor = WORKS pool member = 10.5.6.7:443. Default HTTPS_443 monitor = WORKS
I have checked using telnet to ensure port 10443 is open - IT IS.
When connected i tried a GET for a file i know is there (small.gif) and receive following:
GET /small.gif
400 Bad Request
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
Hint: https://test.domain.com/
Connection closed by foreign host.
curl -v -k -L https://10.5.6.7:10443/small.gif
* About to connect() to 10.5.6.7 port 10443 (0)
* Trying 10.5.6.7... connected
* Connected to 10.5.6.7 (10.5.6.7) port 10443 (0)
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* subject: C=GB; ST=Scotland; O=Company; OU=IS; CN=test.domain.com; emailAddress=test_admin@company.com
* start date: 2014-01-08 11:44:19 GMT
* expire date: 2029-01-29 11:44:19 GMT
* common name: test.domain.com (does not match '10.5.6.7')
* issuer: C=GB; ST=Scotland; L=Edinburgh; O=Company; OU=IS; CN=IS; emailAddress=test_admin@company.com
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> GET /small.gif HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8y zlib/1.2.3 libidn/0.6.5
> Host: 10.5.6.7:10443
> Accept: /
>
< HTTP/1.1 200 OK
< Date: Tue, 13 May 2014 13:12:35 GMT
< Server: Apache
< Last-Modified: Wed, 24 Mar 2010 08:48:39 GMT
< Accept-Ranges: bytes
< Content-Length: 826
< Connection: close
< Content-Type: image/gif
<
* Closing connection 0
* SSLv3, TLS alert, Client hello (1):
GIF89a÷ÀÀÀÿÿÿÿÿÿÿÿÿÿÿÿ3fÌÿ3333f33Ì3ÿff3f
Any help would be appreciated.
Thanks
Graham