on 06-21-2016 4:04 PM
We are quickly approaching our production and deploy and are struggling to get traffic routed through BigIP to our SMP server.
The BigIP is not doing any validation of the certificate from the qa server, so that is not a problem
After BigIP opens the TCP connection to the SMP server on port 8081, they exchange several packets, like a typical SSL negotiation. But then the SMP server closes the connection before an HTTP request can be sent. It seems SMP is not allowing the connection for some unknown reason.
Can anyone suggest what to check next?
Hi Heather,
Can you share any server connection logs? Have you tested it without F5 and is it working fine?
Regards,
Nagesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Heather,
Is your F5 and SMP is configured to trust each other. Are the certificates exchanged between them?
I see :
1. Error parsing HTTP request header
Please let me know how the security configurations set.
2. Error trying to obtain a certificate from the client javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
This happens if Certificates are not exchaged and the systems are not trusted, I have seen such error.
If its urgent, please raise OSS Ticket.
Regards,
Nagesh
You either need to install the SMP server self signed cert on the F5 box so it can validate the SMP server certificate or configure the F5 to not attempt to validate the certificate received from the SMP server. You don’t need the private key since you only need to validate the signing authority.
Another option is to have your internal CA sign the SMP server certificate and install the internal CA certification on the F5 (which may already be there).
--Bill
User | Count |
---|---|
84 | |
24 | |
11 | |
9 | |
7 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.