https-Proxy and certs

We're using an active/passive cluster M370 with 12.5.2 U1 (12.5.2.B609628).
Here i configured a https-proxy policy from AnyExternal to a webserver in the DMZ (SNAT).
Here I enabled TLS-Offloading.
Checking the sites with ssllabs.com shows some smaller problems.
1. An error om certificate chain (On another webserver using then same certs but without TLS-Offloading there is no problem. I also reimported all certs on the box, no difference)
2. There is only TLS 1.0 available. For testing I set the minimum version for TLS 1.1.Then the server is not reachable from ssllabs.com

For this machine I must use TLS-Offloading. Its an older machine which don't support SHA256 certs. For the moment I prepare a new server. But it needs too much time for a quick change.

Thanks in advance for your answers.


Dirk Emmermacher

Sign In to comment.