Jump to content
Welcome to our new Citrix community!

Backend SNI SSL Handshake time out


Kari Ruissalo

Recommended Posts

Hi,

 

We're facing an issue where we have the backend services running on IIS 10.0 (Server 2016) and multiple sites running on port 443 (due to application limitations). We have configured the monitor according to this article:

https://support.citrix.com/article/CTX120921

 

However we end up with the error "time out during ssl handshake state" with our monitor.

 

If we configure the service with HTTP and create new monitor without the "secure" parameter selected, it seems to be working just fine.

 

After thoroughly checking the configuration we checked the backend ssl profile and configured the SNIEnable and entered the host name in the profile, the probe started working. So my question is, do we need to create an ssl backend profile for each monitored IIS site with the host name configured?

Link to comment
Share on other sites

  • 2 months later...

Hi,

 

alternatively configure the following options in your service group:

 

SSL Parameters

Enable "SNI Enable"

try it again

if it's not working you have to put in your hostname in "Common Name", also.

 

I think the ADC needs this for succesfull SNI configuration because it cannot check the health of all your configured IIS Pages within SNI.

 

Regards

Julian

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...