Server SSL - Ignore bad certificates

Question

Is there a way to use a proxy to make SSL connections to servers with bad certificates? (I know this smells really bad, but the customer requires this for a number of reasons...) &nbsp;
&nbsp;When I set up a ServerSSL proxy, I understand that the server certificate is still inspected for authenticity. Can this be circumvented? I expect the certificate to fail on all three dimensions of authorization (name, date, and root CA).&nbsp;
&nbsp;Thank you,&nbsp;&nbsp;

martin_machacek · Answer

Ray,
this is off-topic for this forum, but if I'm already at it ... You can switch off server certificate verification by specifying:
serverssl server cert ignore
in you SSL proxy configuration. Please, refer to BIG-IP Reference Guide for details.

ray_morris_7896 · Answer

My appologies. I assumed that an iRule would be the solution.&nbsp;
&nbsp;FYI, the solution is more than just choosing 'ignore'. You must use a loopback VIP.&nbsp;
&nbsp;Here are the details:
&nbsp;https://tech.f5.com/home/solutions/sol1587.html&nbsp;
&nbsp;Thanks,&nbsp;
&nbsp;R

martin_machacek · Answer

SOL1587 is not relevant to the problem at hand. The virtual referenced by the proxy does not need to be attached to loopback address (but it is a good practice).

Forum Discussion

Server SSL - Ignore bad certificates

Recent Discussions

NetScaler to F5 Migration

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

AS3 Limitations

Related Content

Help F5 Transform the BIG-IP Administrator Certification

Re: Management Certificate

F5 Certified Administrator NGINX certification now available!

Trouble applying GoDaddy certificate to a virtual server

Updating SSL Certificates on BIG-IP using REST API

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS