Foundry ServerIron SSL Troubleshooting

Foundry ServerIron SSL Troubleshooting

 Logon to the serveriron and enter enable mode:
    rconsole 1 1 

    url debug 3  <client ip>   #client ip is the address you will initiate the traffic from using browser, etc

Generate traffic  # connect to the site through load-balancer address (make a hosts file entry if necessary)
After generating some traffic copy the output from the putty terminal and then turn off debugging with:
    url debug 0



Review output for errors and send to foundry if necessary
If you see

Error "You are about to be redirected to a connection that is not secure."  for pages on your ssl protected sites you may want to try the following:


Create  csw rules for Redirects

    csw-rule "r6" response-status-code 301 302

     csw-rule "r7" response-header "Location" pattern ""


Create a csw policy to rewrite the headers so that all redirects are sent via https instead of http

    csw-policy "sysxperts-301" type response-rewrite

      ! matches all status codes 301-302 for redirects

      match "r6" response-header-rewrite

      ! this takes the first four characters (offset 0 length 4 which is http) and replaces them with "https"

      match "r7" rewrite response-header-replace "https" offset 0 length 4


Bind the policy to your virtual server    

    server virtual

      port ssl response-rewrite-policy "sysxperts-301"

Show tech

Rconsole 1 1
show server session
show server debug
show server traffic
show server proxy
wsm show cpu
wsm dm resource
sh ssl key *
sh ssl cert *
sh ssl stat counter
sh ssl stat alert
sh ssl stat crypto
sh ssl stat client
sh socket stat
sh vm mem
sh vm deb
sh cp deb
sh ssl deb
sh tcp buf
sh cp stat
sh vm stat
sh sock list
sh ssl con

No comments: