While configuring an HTTPS probe I observe that if the certificate on the target server is expired, the ACE marks the server as PROBE-FAILED. A Wireshark trace shows that the ACE refuses an expired certificate. Here is the probe configuration :
probe https NCL_PROBE_HTTPS
description *** Server Health Probe ***
passdetect interval 5
passdetect count 2
ssl version all
request method get url /monitor/
expect status 200 200
header User-Agent header-value "Cisco ACE-4710"
expect regex "PROBE_OK"
I can disable the expiration date validation check with an ssl parameter-map, but such a map is only applicable to the backend session (on a ssl-proxy service), but not on a https probe...
How do I make sure that my https probe can bypass the certificate validation check ?
Introduction This article will help you understand the steps on how to
download the UCS licenses from the Cisco Systems website and then
installing it on the UCS. The redacted (blue lines) just covers up
certain numbers for privacy please do not take them...
Introduction This article will help you understand and educate the
customer on how to clear their "expired licenses"
(license-graceperiod-expired) from their UCS-M. If a customer just
purchased a license and needs a step by step guide on how to download
Introduction Prepositioning is a powerful tools on the WAAS platform but
it is not always easy to figure out why your jobs are failing when
trying to retrieve the files.Here is a method that should help you to
figure out the reason why they are not succes...