Forum Discussion
Bypass certificate check
Is there any way that checking the certificate details could be bypassed in specific cases (e.g. a particular client/IP Address, particular URLs/domains) when using SWG as a Forward Proxy?
We are trying to set up a Red Hat Satellite server to download repositories from Red Hat and make them available internally. The documentation states that "Use of an SSL interception proxy interferes with this communication. These hosts must be whitelisted on the proxy." Apparently, the reason an SSL Interception proxy interferes with it is that the server certificates aren't signed with publicly trusted certs. The application trusts these certificates, but obviously the proxy doesn't.
We do have an SSL Intercept bypass list in place, but as I understand it, the proxy will still check that the certificate is valid (as this can be checked without decoding the traffic). Is there any way that we can disable or bypass this check for this traffic?
Have you checked if the SSL server profile options are set to ignore under "Server Authentication settings"?
https://support.f5.com/csp/article/K14806
Have you checked if the SSL server profile options are set to ignore under "Server Authentication settings"?
https://support.f5.com/csp/article/K14806
- GBurchAltostratus
OK, so "Untrusted Certificate Response Control" is set to Ignore already, so I guess there isn't a problem here.
I was sure we were filtering out invalid certificates at that level. I guess I should have checked first.
Thanks for your help
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com