Hawk / virtual-ip question

Running a 2-node cluster on OpenSuse Leap 15.5 with sbd fencing and hawk-ip as resources, I am stuck with the configuration of the virtual ip:
ring 0 is configured in network.
host 1 is
host 2 is
virtual ip is set to brd
I can see on eth0 the secondary ip on the cluster node where resource is running and it is moving when migrating the role.
But there are difficulties reaching the hawk-ui over this IP.
I did change the hawk certs and created a DNS setting that matches the name in the certificate, but there are situations where I cannot contact the Web-UI (page cannot be displayed)
I do see tls handhake errors when monitoring hawk.service, but not sure if this is related because they appear even when connection is established and site is called over host-ip address.
Even arp change on client looks as expected:
When migrating hawk-ip, the arp change is advertised to the client.
Hawk-UI is reachable through host ip, though
tried differnet browser, no cure (eventhough result in Edge is worst)

Any ideas appreciated.

For help with openSUSE releases you should use the openSUSE Forums at https://forums.opensuse.org/