Tuesday, March 11, 2025

community – F5 Failing SSL Handshake After “Client Hello” (Self Solved)


Ran into a problem after renewing an SSL certificate used in a few different profiles on an F5 Viprion (v15.1.3.1).

Unfortunately I don’t have full admin access to the F5 to turn on debugging. I can view the configurations of the VIPs, profiles, pools, certificates, and so forth. I’m one of the systems admins/engineers for the servers/services behind the load balancing pools and VIPs defined in the F5.

The behavior is also inconsistent.

Running tests using the command openssl s_client -connect :443 while using tcpdump to capture the port 443 traffic.

Intermittently the command will return:

Connecting to xxx.xxx.xxx.xxx
CONNECTED(00000005)
C08D251301000000:error:0A000126:SSL routines::unexpected eof while reading:ssl/record/rec_layer_s3.c:692:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 232 bytes
Verification: OK

The SSL handshake fails. In the tcpdump capture, when the SSL handshake is failing the F5 is returning a “FIN,ACK” packet in response to the “Client Hello” message from the openssl client. When successful, the F5 sends the expected “Server Hello” packet, and the SSL handshake continues to success.

What could be causing the F5 to fail the SSL handshake some of the time?

Thanks in advance for any clues.

=====

The solution was an odd one. The certificate and trust chain were correct as noted. Replacing the expiring certificate with the renewed one was done correctly by our network engineer. Oddly, the simple act of removing the SSL Client Profile from the VIP, updating the VIP, adding the same Profile back, and updating the VIP (with no other changes) corrected the issue.
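To put numbers on the intermittent failure described in the post, the following added example (not part of the original post) repeats the handshake and tallies how often the peer closes the connection instead of answering the Client Hello, and which leaf-certificate fingerprints the successful attempts return. The function names and the local stub listener are constructed for illustration; certificate verification is disabled because the probe only records what is presented.

```python
import collections
import hashlib
import socket
import ssl
import sys
import threading

def probe_once(host, port, timeout=5.0):
    """One handshake attempt; returns (outcome, detail)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # diagnostic probe: record what is presented,
    ctx.verify_mode = ssl.CERT_NONE  # do not use this context to carry real traffic
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
                return "handshake_ok", hashlib.sha256(der).hexdigest()[:16]
    except (ssl.SSLError, ConnectionResetError) as exc:
        # EOF or reset here means the peer closed instead of sending a Server Hello.
        if isinstance(exc, (ssl.SSLEOFError, ConnectionResetError)) or "EOF" in str(exc):
            return "closed_after_client_hello", type(exc).__name__
        return "tls_error", str(exc)
    except OSError as exc:
        return "tcp_error", type(exc).__name__

def probe_many(host, port, attempts=20):
    """Tally outcomes and the leaf-certificate fingerprints of successful attempts."""
    outcomes, certs = collections.Counter(), collections.Counter()
    for _ in range(attempts):
        outcome, detail = probe_once(host, port)
        outcomes[outcome] += 1
        if outcome == "handshake_ok":
            certs[detail] += 1
    return outcomes, certs

def start_fin_stub():
    """Constructed local stand-in for the failing case: read the hello, then close."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            conn.recv(4096)
            conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv

if __name__ == "__main__":
    print(probe_many(sys.argv[1], int(sys.argv[2])))
```

Run it with the VIP address and port as arguments, before and after a configuration change, to compare the failure ratio.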
