10-21-2009 12:33 AM
Hi,
While configuring an HTTPS probe I observe that if the certificate on the target server is expired, the ACE marks the server as PROBE-FAILED. A Wireshark trace shows that the ACE refuses an expired certificate. Here is the probe configuration:
probe https NCL_PROBE_HTTPS
  description *** Server Health Probe ***
  interval 5
  faildetect 2
  passdetect interval 5
  passdetect count 2
  receive 4
  ssl version all
  request method get url /monitor/
  expect status 200 200
  header User-Agent header-value "Cisco ACE-4710"
  open 2
  expect regex "PROBE_OK"
I can disable the expiration date validation check with an SSL parameter-map, but such a map is only applicable to the backend session (on an ssl-proxy service), not to an HTTPS probe...
How do I make sure that my HTTPS probe can bypass the certificate validation check?
Thank you for any help
Yves Haemmerli
10-21-2009 01:22 AM
With ACE 1.x code this probe wouldn't have failed.
With ACE 2.x code, the HTTPS probe checks the validity of the certificate sent by the server.
I don't think there is a way to change this behavior.
HTH
Syed Iftekhar Ahmed
10-21-2009 11:22 AM
Thanks again Syed
Yves
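
Because the ACE 2.x HTTPS probe rejects an expired server certificate, the real servers' certificate end dates can be tracked ahead of time so that an expiry does not first show up as PROBE-FAILED. The following is an added example, not part of the original thread and not Cisco code; the rserver names and dates are constructed, and the input is assumed to be the `notAfter=` line printed by `openssl x509 -noout -enddate` for each server.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample: rserver name -> `openssl x509 -noout -enddate` output.
SAMPLE_ENDDATES = {
    "web03": "notAfter=Oct 21 00:00:00 2011 GMT",
    "web01": "notAfter=Oct 20 23:59:59 2009 GMT",
    "web04": "notAfter=unknown",
    "web02": "notAfter=Nov 10 12:00:00 2009 GMT",
}

def not_after_epoch(enddate_line):
    """Convert a 'notAfter=...' line (or a bare date) to UTC epoch seconds."""
    value = enddate_line.strip()
    if value.startswith("notAfter="):
        value = value[len("notAfter="):]
    # Raises ValueError if the date is not in OpenSSL's text format.
    return ssl.cert_time_to_seconds(value)

def classify(enddates, now, warn_days=30):
    """Return [(rserver, state, days_left)], most urgent first.

    EXPIRED     - a probe that validates the certificate rejects it now
    EXPIRING    - it will be rejected within warn_days
    OK          - valid beyond the warning window
    UNPARSEABLE - end date could not be read; check the server by hand
    """
    now_ts = now.timestamp()
    rows = []
    for name, line in enddates.items():
        try:
            expiry = not_after_epoch(line)
        except ValueError:
            rows.append((name, "UNPARSEABLE", None))
            continue
        days_left = int((expiry - now_ts) // 86400)  # floor; negative once expired
        if expiry <= now_ts:
            state = "EXPIRED"
        elif expiry - now_ts <= warn_days * 86400:
            state = "EXPIRING"
        else:
            state = "OK"
        rows.append((name, state, days_left))
    # Unparseable entries first, then by fewest days remaining.
    return sorted(rows, key=lambda r: (r[2] is not None, r[2] or 0))

if __name__ == "__main__":
    for row in classify(SAMPLE_ENDDATES, datetime.now(timezone.utc)):
        print("%-6s %-11s %s" % row)
```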