Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1784
Views
0
Helpful
3
Replies

ACE ssl probe issue

scott-goodwin
Level 1
Level 1

‎11-04-2009 03:48 AM

Hi,

I have configured an ssl probe as follows;

probe https test

port 8443

interval 5

faildetect 2

passdetect interval 5

passdetect count 2

receive 4

ssl version all

expect status 200 500

header Host header-value "bbauthpt"

open 2

expect regex "OK"

However I am getting invalid handshake errors if i look at the crypto stats in the Admin contexts and the probe never seems to be successfull.

The ACE is on the same network as the server and and I can see the requests using wireshark.

I can browse locally to the ssl page from another server in the same subnet but the ace seems to be having issues.

If i extend the timeout i get "invalid response from server"

The server is using a self signed cert?? Should this matter?

Any advice be much appreciated

Scott

Labels:
0 Helpful
3 Replies 3

scott-goodwin
Level 1
Level 1

‎11-04-2009 07:07 AM

Hi Guys,

From the server it looks like the ACE is not happy with a self signed certificate.

Is this correct in that the https probe wont work with self signed??

Thanks

Scott

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee

‎11-04-2009 07:42 AM

Scott,

is the server certificate "valid through" date still valid ?

Gilles.

0 Helpful

dlance
Level 1
Level 1
In response to Gilles Dufour

‎11-24-2009 10:02 AM

Here is a big tip. Check and make sure the ACE has the correct date and time. We had an issue with our ACE

where the ssl probes failed because the clock was incorrect on the ACE.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card