Cisco Support Community

Expired Certificate and HTTPS Probe Problem

Hi,

While configuring an HTTPS probe I observe that if the certificate on the target server is expired, the ACE marks the server as PROBE-FAILED. A Wireshark trace shows that the ACE refuses an expired certificate. Here is the probe configuration:

probe https NCL_PROBE_HTTPS
  description *** Server Health Probe ***
  interval 5
  faildetect 2
  passdetect interval 5
  passdetect count 2
  receive 4
  ssl version all
  request method get url /monitor/
  expect status 200 200
  header User-Agent header-value "Juniper DX 3200"
  open 2
  expect regex "OK"

I know that I can disable the validation check with an ssl parameter-map, but such a map is only applicable to an ssl-proxy service, not to a probe...

How do I make sure that the probe also ignores the invalid certificate?

Thank you for any help

Yves Haemmerli


Re: Expired Certificate and HTTPS Probe Problem

For the HTTPS probe sent by the ACE, if the server sends an expired certificate, then the ACE rejects that certificate and closes the connection with an RST.
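
Added example, not part of the original thread and not Cisco code: since an expired server certificate takes the real server out of rotation as PROBE-FAILED, this sketch audits certificate end dates ahead of time. It assumes an inventory of lines in the form `<server> notAfter=<date>`, with the date as printed by `openssl x509 -noout -enddate`; the host names, dates and the 30-day warning window are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample inventory (hosts and dates are made up).
SAMPLE = """\
web01.example.internal notAfter=Jan  5 09:34:43 2018 GMT
web02.example.internal notAfter=Mar 20 12:00:00 2024 GMT
web03.example.internal notAfter=Dec 31 23:59:59 2030 GMT
"""

def audit(lines, now, warn_days=30):
    """Return (server, status, days_left) for each inventory line.

    EXPIRED  -> the probe's TLS handshake is rejected now (PROBE-FAILED)
    EXPIRING -> the probe will start failing within warn_days
    OK       -> certificate valid beyond the warning window
    UNPARSED -> line or date not in the expected format
    """
    report = []
    for line in lines.splitlines():
        line = line.strip()
        if not line:
            continue
        host, sep, not_after = line.partition(" notAfter=")
        if not sep:
            report.append((line, "UNPARSED", None))
            continue
        try:
            # Parses the certificate date format, always interpreted as GMT.
            expiry = ssl.cert_time_to_seconds(not_after.strip())
        except ValueError:
            report.append((host, "UNPARSED", None))
            continue
        days_left = int((expiry - now.timestamp()) // 86400)
        if expiry <= now.timestamp():
            status = "EXPIRED"
        elif days_left < warn_days:
            status = "EXPIRING"
        else:
            status = "OK"
        report.append((host, status, days_left))
    return report

if __name__ == "__main__":
    for host, status, days in audit(SAMPLE, datetime.now(timezone.utc)):
        print(f"{status:9} {host} (days left: {days})")
```
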
