Forum Discussion

JamesE_234305's avatar
JamesE_234305
Icon for Nimbostratus rankNimbostratus
8 years ago
Solved

SSL Intercept SHA1 Certificate

I am trying to set up SSL intercept to decrypt outbound SSL for inspection. I am not doing anything fancy just a basic decryption zone between the internal and external F5. Everything works except ...
application delivery
big-ip
LTM
security
  • Pedro_Roure_249's avatar
    Pedro_Roure_249
    7 years ago

    I opened a support ticket with F5 and the F5 engineer who answered the ticket made the following recommendation:

     

    "configure a trusted certificate authority bundle in the server ssl profile. The default bundle contains many well-known public CA certs for server-side processing."

     

    After I did this, the problem was solved.

     

    Thanks.

     

Ajac's avatar
Ajac
Icon for Nimbostratus rankNimbostratus
8 years ago

Hi,

 

I am experiencing the exact same issue as JamesE, but in my case it started after an upgrade to version 13 (from 12.1.2). For some sites the f5 proxy issues a SHA-1 certificate instead of a SHA-256 certificate. I have set the "SSL Sign Hash" option to SHA256 as per your advice, but no luck.

 

Any other advice, or should I start a case on this?

 

//A