ACE ssl probe issue

Unanswered Question
Nov 4th, 2009
User Badges:

Hi,


I have configured an ssl probe as follows;



probe https test

port 8443

interval 5

faildetect 2

passdetect interval 5

passdetect count 2

receive 4

ssl version all

expect status 200 500

header Host header-value "bbauthpt"

open 2

expect regex "OK"


However I am getting invalid handshake errors if i look at the crypto stats in the Admin contexts and the probe never seems to be successfull.


The ACE is on the same network as the server and and I can see the requests using wireshark.


I can browse locally to the ssl page from another server in the same subnet but the ace seems to be having issues.


If i extend the timeout i get "invalid response from server"


The server is using a self signed cert?? Should this matter?


Any advice be much appreciated


Scott

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
scott-goodwin Wed, 11/04/2009 - 07:07
User Badges:

Hi Guys,


From the server it looks like the ACE is not happy with a self signed certificate.


Is this correct in that the https probe wont work with self signed??


Thanks


Scott

Gilles Dufour Wed, 11/04/2009 - 07:42
User Badges:
  • Cisco Employee,

Scott,


is the server certificate "valid through" date still valid ?


Gilles.

dlance Tue, 11/24/2009 - 10:02
User Badges:

Here is a big tip. Check and make sure the ACE has the correct date and time. We had an issue with our ACE

where the ssl probes failed because the clock was incorrect on the ACE.

Actions

This Discussion