Content
Description
Health check client certificate updates (running /c/slb/advhc/cert) do not affect SIP‑SSL real server health checks
that were already active before the change.
Scenario:
- The SIP server requests a client certificate during the TLS handshake.
- On the Alteon device:
- Initial setup: A real server/group/virtual service combination is configured and tested using a SIP SSL health check.
- A new client certificate and key are imported using /c/slb/ssl/cert, and the client certificate is configured running /c/slb/advhc/cert; apply.
Despite this, the new client certificate is not used in the subsequent TLS handshakes for the above real server/group/virtual service combination
Affected Versions
32.4.0.0 and later
Bug ID
AL-154573
Solution
Upgrade to a version that fixes the issue.
Workaround
To refresh the SSL context for the affected real server, perform the following actions on that real server:
- Disable and Apply
- Enable and Apply
- Allow time for the server to come up again based on the configured health check interval and "number of successful attempts to declare server up" settings.
- Run /c/slb off and Apply
- Run /c/slb on and Apply
Note: Take into account the potential service impact when planning the appropriate maintenance window
ETA for fix
The fix is scheduled to be available in the following releases:
- 35.0.0.0
- 34.5.7.0
- 34.0.12.0
- 33.5.16.0
- 33.0.20.0