Agentry SMP and BigIP (F5)

Former Member
0 Kudos

We are quickly approaching our production and deploy and are struggling to get traffic routed through BigIP to our SMP server. 

The BigIP is not doing any validation of the certificate from the QA server, so that is not a problem.

After BigIP opens the TCP connection to the SMP server on port 8081, they exchange several packets, like a typical SSL negotiation.  But then the SMP server closes the connection before an HTTP request can be sent.  It seems SMP is not allowing the connection for some unknown reason.



Can anyone suggest what to check next? 

Accepted Solutions (1)

nageshcaparthy
Product and Topic Expert
0 Kudos

Hi Heather,

Can you share any server connection logs? Have you tested it without F5 and is it working fine?

Regards,

Nagesh

Former Member
0 Kudos

Yes, without F5 the connection to the server is good. I'll reset and try to connect through F5 again. Any particular log you are looking for?

nageshcaparthy
Product and Topic Expert
0 Kudos

Please set the Log settings to debug for Security, Network, Registration, Agentry, Client Request Trace.

Try to connect from the application via F5 and look in the Registration Error log to see whether the request has reached the SMP server. Share these log details for analysis.

Regards,

Nagesh

Former Member
0 Kudos

What's the best way for me to get the log file to you? I have it zipped up.

nageshcaparthy
Product and Topic Expert
0 Kudos

This message was moderated.

nageshcaparthy
Product and Topic Expert
0 Kudos

Hi Heather,

Are your F5 and SMP configured to trust each other? Are the certificates exchanged between them?

I see:

1. Error parsing HTTP request header

Please let me know how the security configurations are set.

2. Error trying to obtain a certificate from the client javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

This happens if certificates are not exchanged and the systems are not trusted; I have seen such an error.

If it's urgent, please raise an OSS ticket.

Regards,

Nagesh

Former Member
0 Kudos

Nagesh... I apologize for the late response, I've been on vacation. When you ask how the security configurations are set, are you talking about how they are set in SMP? If so, they are set to NoAuthentication for our Agentry apps.

Former Member
0 Kudos

So I have another question... what certificates need to be installed where? Do the SMP server certs need to be installed on the BIGIP server or vice versa? Also, is the private key pair involved at all?

Former Member
0 Kudos

My BIGIP resource is telling me that he needs the matching private key to the certificate in order to install on BIGIP server.  How do I generate that to provide to him?

bill_froelich
Product and Topic Expert
0 Kudos

You either need to install the SMP server self-signed cert on the F5 box so it can validate the SMP server certificate or configure the F5 to not attempt to validate the certificate received from the SMP server. You don't need the private key since you only need to validate the signing authority.

Another option is to have your internal CA sign the SMP server certificate and install the internal CA certification on the F5 (which may already be there).

--Bill
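
The point in the reply above, that the validating side needs only the server's certificate and not its private key, as an added example (not code from this thread or from SAP or F5). It uses `openssl` to stand in for the validating side; the host names, directory names and file names are constructed placeholders.

```shell
#!/bin/sh
# Constructed demo: host names and file names are placeholders, not values from the thread.

# Generate a throwaway self-signed certificate and key (stands in for the SMP server).
make_self_signed() {  # $1 = output dir, $2 = common name
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# Validate a presented certificate against a trust anchor file.
# Only public certificates are read here; no private key is involved.
validate_against_anchor() {  # $1 = trust anchor (PEM), $2 = presented cert (PEM)
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

run_demo() {
    work=$(mktemp -d) || return 1
    make_self_signed "$work/smp" "smp.example.test" || return 1
    make_self_signed "$work/other" "other.example.test" || return 1

    # The validating side (the load balancer's role) is handed certificates only.
    mkdir -p "$work/lb-trust"
    cp "$work/smp/server.crt" "$work/lb-trust/smp-anchor.crt"
    cp "$work/other/server.crt" "$work/lb-trust/other-anchor.crt"

    if validate_against_anchor "$work/lb-trust/smp-anchor.crt" "$work/smp/server.crt"; then
        echo "server cert installed as anchor: validation OK"
    fi
    if ! validate_against_anchor "$work/lb-trust/other-anchor.crt" "$work/smp/server.crt"; then
        echo "unrelated anchor only: validation fails"
    fi
    rm -rf "$work"
}

run_demo
```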

Former Member
0 Kudos

Thanks Bill, we got it! BIGIP is set to SSL passthrough and we're using an FE signed cert in SMP. Thanks for all the help!

nageshcaparthy
Product and Topic Expert
0 Kudos

Glad to know that it's working.

Sorry I did not see your comments. Please close the thread so that others may know the solution which worked for you.

Regards,

Nagesh
