Issue with new VeriSign certificate clients unable to access website we went from sha 128 to sha-256

What hardware are you running on? Not seen any issues with sha-256, but we had and issue with a client ssl profile change(removing insecure protocols)under 11.4 Exactly the same issue i.e web page wouldn't always render correctly when backed out everything worked . It only seemed to affect our 2000s and 4000s hardware, In the end we fixed by upgrading to 11.6 HF1. The only thing we could put it down to was a possible issue flagged under SOL15232. Just a thought.

another thought:

do you see the same issue in all browsers?

what about testing with CLI-based tools, e.g. curl or openssl? can you get the webpage?

One other possible issue to look for with sha-256 is the clients own environment. Validate which OS and browser they are using , our first attempt at sha256 fell foul of a client using an unpatched windows 2003 server.

External link below provides some more info https://casecurity.org/wp-content/uploads/2014/09/SHA-256-Support-List.pdf

1. Are you terminating (or bridging) SSL on the ADC?
2. The monitors are generally not connecting to the origin web servers the same way a browser would.
3. Does an SSL Labs report reveal anything?
4. If you're terminating/bridging, did you update the CA bundle on the ADC?
5. Are you using iApps? If so, is the iApp creating the SSL profiles?

1.Are you terminating (or bridging) SSL on the ADC? SSL is terminating on the server 3.Does an SSL Labs report reveal anything? Does F5 support put it in a lab environment is that what you mean? 4.If you're terminating/bridging, did you update the CA bundle on the ADC? Yes the CA bundle is on the ADC 5.Are you using iApps? No IAPPS