Forum Discussion

Nimbostratus

Oct 17, 2017

SSL Intercept SHA1 Certificate

I am trying to set up SSL intercept to decrypt outbound SSL for inspection. I am not doing anything fancy just a basic decryption zone between the internal and external F5. Everything works except ...

Pedro_Roure_249
Jul 26, 2018
I opened a support ticket with F5 and the F5 engineer who answered the ticket made the following recommendation:

"configure a trusted certificate authority bundle in the server ssl profile. The default bundle contains many well-known public CA certs for server-side processing."

After I did this, the problem was solved.

Thanks.

Ajac

Nimbostratus

Oct 23, 2017

Hi,

I am experiencing the exact same issue as JamesE, but in my case it started after an upgrade to version 13 (from 12.1.2). For some sites the f5 proxy issues a SHA-1 certificate instead of a SHA-256 certificate. I have set the "SSL Sign Hash" option to SHA256 as per your advice, but no luck.

Any other advice, or should I start a case on this?

//A

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SSL Intercept SHA1 Certificate

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Automating ACMEv2 Certificate Management on BIG-IP

Re: Management Certificate

Automate Let's Encrypt Certificates on BIG-IP

Automating NGINX Certificate Rotation on AWS

DNS Interception: Protecting the Client

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS