Nikson_M
Jun 20, 2019Cirrus
https monitor issue on the F5, https monitor no longer works.
Team,
We have pool setup which makes a health check on "https" protocol. Since a few days this is not working and shows the pool members as down.
Now, we know that the pool members that are being monitored have gone through some certificate changes and the difference between the old certificate and the new certificate is as below:
- The old certificate had "Dual Stack RSA+ECDSA" disabled and the new certificate has "Dual Stack RSA+ECDSA" enabled.
- The old certificate had "SNI only" as Off and the new certificate has "SNI only" as On.
If I set the health monitor as tcp 443 or ICMP it works, but that is not what we want as it breaks the working. What do you suggest could have gone wrong here or what could be the direction we can take to fix this?
The VIP that calls this pool has a serverSSL profile configured and I somehow feel that we need to make some changes in that profile but we are not sure.
Thanks!!!
N