While configuring an HTTPS probe I observe that if the certificate on the target server is expired, the ACE marks the server as PROBE-FAILED. A Wireshark trace shows that the ACE refuses an expired certificate. Here is the probe configuration :
probe https NCL_PROBE_HTTPS
description *** Server Health Probe ***
passdetect interval 5
passdetect count 2
ssl version all
request method get url /monitor/
expect status 200 200
header User-Agent header-value "Juniper DX 3200"
expect regex "OK"
I know that I can disable the validation check with an ssl parameter-map, but such a map is only applicable to a ssl-proxy service, not on a probe...
How do I make sure that the probe also ignors the unvalid certificate ?
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
In the Previous articles of ACI Automation, we are using Postman/Newman as the Rest API tool to automate the ACI Configuration.
In this article I’m going to discuss on usin...
One of the first steps in building your ACI Fabric is to go through Fabric Discovery. While Fabric Discovery is usually a straightforward process, there are various issues that may prevent you from discovering an ACI switch. This article wil...