For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

GBurch's avatar
GBurch
Icon for Altostratus rankAltostratus
Mar 25, 2021
Solved

Bypass certificate check

Is there any way that checking the certificate details could be bypassed in specific cases (e.g. a particular client/IP Address, particular URLs/domains) when using SWG as a Forward Proxy?   We a...
BIG-IP
Secure Web Gateway
security
ssl
  • Nikoolayy1's avatar
    Nikoolayy1
    Mar 26, 2021

    Have you checked if the SSL server profile options are set to ignore under "Server Authentication settings"?

     

    https://support.f5.com/csp/article/K14806

Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP
Mar 26, 2021

Have you checked if the SSL server profile options are set to ignore under "Server Authentication settings"?

 

https://support.f5.com/csp/article/K14806

  • GBurch's avatar
    GBurch
    Icon for Altostratus rankAltostratus
    Mar 26, 2021

    OK, so "Untrusted Certificate Response Control" is set to Ignore already, so I guess there isn't a problem here.

     

    I was sure we were filtering out invalid certificates at that level. I guess I should have checked first.

     

    Thanks for your help