While configuring an HTTPS probe I observe that if the certificate on the target server is expired, the ACE marks the server as PROBE-FAILED. A Wireshark trace shows that the ACE refuses an expired certificate. Here is the probe configuration :
probe https NCL_PROBE_HTTPS
description *** Server Health Probe ***
passdetect interval 5
passdetect count 2
ssl version all
request method get url /monitor/
expect status 200 200
header User-Agent header-value "Juniper DX 3200"
expect regex "OK"
I know that I can disable the validation check with an ssl parameter-map, but such a map is only applicable to a ssl-proxy service, not on a probe...
How do I make sure that the probe also ignors the unvalid certificate ?
Thank you for any help