Forum Discussion

Lee_Sutcliffe
Apr 20, 2012

Page not available after replacing SSL certificate

Hi,

I've recently updated an SSL certificate. I've done this many times in the past and not had any issues, but I'm seeing some odd behaviour now.

We had 4096-bit SSL certs on our LTMs running 10.2.2, however some clients had issues with the size of the key. These were replaced with 2048-bit certs.

I added the new certificate and key to the SSL profile, but now I can't view the site. I've run tcpdump and can see SSL communication between the VIP and my PC, but the page hangs and doesn't show any pages.

I've added the same certificate on to the web server directly and I can get to the page fine.

Interestingly, I have tried putting the old certificate back and I now get the same error.

Any help would be greatly appreciated.

Thanks

 

15 Replies

  • I think I've been looking at the wrong part of the ssldump output.

    I'm not 100% sure who is C or S.

    This is the output from the connection I'm concerned with, but I don't know enough about ssldump to comment on it.

    New TCP connection 9: 10.x.x.199(44455) <-> 10.x.x.3(443)
    9 1  0.0195 (0.0195)  C>S  Handshake
          ClientHello
            Version 3.1
            cipher suites
            Unknown value 0xc00a
            Unknown value 0xc014
            Unknown value 0x88
            Unknown value 0x87
            TLS_DHE_RSA_WITH_AES_256_CBC_SHA
            TLS_DHE_DSS_WITH_AES_256_CBC_SHA
            Unknown value 0xc00f
            Unknown value 0xc005
            Unknown value 0x84
            TLS_RSA_WITH_AES_256_CBC_SHA
            Unknown value 0xc007
            Unknown value 0xc009
            Unknown value 0xc011
            Unknown value 0xc013
            Unknown value 0x45
            Unknown value 0x44
            TLS_DHE_DSS_WITH_RC4_128_SHA
            TLS_DHE_RSA_WITH_AES_128_CBC_SHA
            TLS_DHE_DSS_WITH_AES_128_CBC_SHA
            Unknown value 0xc00c
            Unknown value 0xc00e
            Unknown value 0xc002
            Unknown value 0xc004
            Unknown value 0x96
            Unknown value 0x41
            TLS_RSA_WITH_RC4_128_MD5
            TLS_RSA_WITH_RC4_128_SHA
            TLS_RSA_WITH_AES_128_CBC_SHA
            Unknown value 0xc008
            Unknown value 0xc012
            TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
            TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
            Unknown value 0xc00d
            Unknown value 0xc003
            Unknown value 0xfeff
            TLS_RSA_WITH_3DES_EDE_CBC_SHA
            compression methods
            unknown value
            NULL
    9 2  0.0196 (0.0000)  S>C  Handshake
          ServerHello
            Version 3.1
            session_id[32]=
              1c 16 d1 cb 2d d0 e6 f0 81 a6 83 53 da 88 a4 2c
              19 64 34 24 fe 1c 21 cc 7f b1 b8 10 0b e2 7e fb
            cipherSuite         TLS_RSA_WITH_RC4_128_SHA
            compressionMethod   NULL
    9 3  0.0196 (0.0000)  S>C  Handshake
          Certificate
    9 4  0.0196 (0.0000)  S>C  Handshake
          ServerHelloDone
    9 5  0.0947 (0.0751)  C>S  Handshake
          ClientKeyExchange
    9 6  0.0947 (0.0000)  C>S  ChangeCipherSpec
    9 7  0.0947 (0.0000)  C>S  Handshake
          Finished
    9 8  0.0947 (0.0000)  C>S  application_data
        ---------------------------------------------------------------
        GET /callreport/ HTTP/1.1
        Host: 10.98.255.60
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.83 Safari/535.11
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        Accept-Encoding: gzip,deflate,sdch
        Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
        Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

        ---------------------------------------------------------------
    9 9  0.0981 (0.0034)  S>C  ChangeCipherSpec
    9 10 0.0981 (0.0000)  S>C  Handshake
          Finished


  • Have you seen TCP connection 10? TCP connection 9 is client-side, which is between the client and the BIG-IP. TCP connection 10 should be server-side, between the BIG-IP and the pool member.
  • The connection to the pool member is unencrypted, but I can't see this happen in tcpdump.

    The next connection in the ssldump is 11, iQuery between LTM and GTM.
  • "connection to the pool member is unencrypted, but I can't see this happen in tcpdump." Did you use a filter when capturing packets? Was the filter really correct? Could you try capturing packets without a filter, or with something like this?

    tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap host x.x.x.x or host y.y.y.y

    x.x.x.x is the virtual server IP

    y.y.y.y is the pool member IP
  • Hamish
    What do you get from using openssl to connect to the VS?

    H
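As an added example (not code from any poster in this thread), a small Python script that parses ssldump's text output, such as the connection-9 trace above, and answers the two questions raised here: which side is C and which is S (ssldump calls the address that opened the TCP connection, listed first on the "New TCP connection" line, C), and whether the TLS layer is actually the problem, i.e. whether both sides sent Finished and whether the server ever answered the client's application data. The embedded trace is constructed and abridged from the one posted; addresses are made up.

```python
import re
from dataclasses import dataclass, field

# ssldump names the side that opened the TCP connection (listed first on the
# "New TCP connection" line) C and the other side S; C>S / S>C is the direction.
NEW_CONN = re.compile(r"^New TCP connection (\d+): (\S+)\((\d+)\) <-> (\S+)\((\d+)\)")
RECORD = re.compile(r"^(\d+) +(\d+) +[\d.]+ +\([\d.]+\) +([CS])>([CS]) +(\w+)")

@dataclass
class Conn:
    client: str
    server: str
    finished: set = field(default_factory=set)  # sides that sent Finished
    app_data: set = field(default_factory=set)  # sides that sent application_data

def parse_ssldump(text):
    """Summarise each TCP connection in ssldump's text output as a Conn."""
    conns, cur, pending = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := NEW_CONN.match(line):
            cur = conns[int(m[1])] = Conn(f"{m[2]}:{m[3]}", f"{m[4]}:{m[5]}")
        elif m := RECORD.match(line):
            cur = conns.get(int(m[1]), cur)  # records of several connections interleave
            pending = m[3] if m[5] == "Handshake" else None  # owner of the next Finished
            if m[5] == "application_data":
                cur.app_data.add(m[3])
        elif cur and line == "Finished" and pending:
            cur.finished.add(pending)
    return conns

def diagnose(conn):
    """Tell a TLS-layer failure apart from a dead back end behind a good handshake."""
    missing = {"C", "S"} - conn.finished
    if missing:
        return "handshake incomplete: no Finished from " + ", ".join(sorted(missing))
    if "S" not in conn.app_data:
        return "handshake complete, client sent data, server never answered"
    return "handshake complete, application data both ways"

# Constructed sample, abridged from the connection-9 trace posted in this thread.
SAMPLE = """\
New TCP connection 9: 10.0.0.199(44455) <-> 10.0.0.3(443)
9 2  0.0196 (0.0000)  S>C  Handshake
      ServerHello
9 7  0.0947 (0.0000)  C>S  Handshake
      Finished
9 8  0.0947 (0.0000)  C>S  application_data
9 10 0.0981 (0.0000)  S>C  Handshake
      Finished
"""
```

For the posted trace this reports a completed handshake with a client request and no server reply, which points at the server-side connection (the pool member) rather than at the certificate.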