Forum Discussion
Tom_Schaefer
Cirrus
I forgot to mention we are not yet on v13 (when SERVERSSL_SERVERCERT was added I believe). But forgetting the iRule for a moment, in just general LTM configuration, is there anyway to prevent the BIG-IP from connecting to the TLS server if the cert is not valid? I ask as even with drop, it still connects if the cert is expired or a bad CA. I'm wondering if those two options are just for CLIENTSSL and not SERVERSSL.
JG
Aug 10, 2019Cumulonimbus
Will you be able to share a screenshot of the section "Server Authentication" of your server-side SSL profile?