Forum Discussion

JamesE_234305's avatar
JamesE_234305
Icon for Nimbostratus rankNimbostratus
Oct 17, 2017

SSL Intercept SHA1 Certificate

I am trying to set up SSL intercept to decrypt outbound SSL for inspection. I am not doing anything fancy just a basic decryption zone between the internal and external F5. Everything works except ...
application delivery
BIG-IP
LTM
security
  • Pedro_Roure_249's avatar
    Pedro_Roure_249
    Jul 26, 2018

    I opened a support ticket with F5 and the F5 engineer who answered the ticket made the following recommendation:

     

    "configure a trusted certificate authority bundle in the server ssl profile. The default bundle contains many well-known public CA certs for server-side processing."

     

    After I did this, the problem was solved.

     

    Thanks.

     

Pedro_Roure_249's avatar
Pedro_Roure_249
Icon for Altostratus rankAltostratus
Jul 05, 2018

Same problem here in a deployment of APM + SWG with SSL Interception. Some certificates are generated using SHA1 and the Chrome browser (at latest version in the momment) is complaining with this error:

 

net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM

 

Anyone solved this issue ?

 

  • JamesE_234305's avatar
    JamesE_234305
    Icon for Nimbostratus rankNimbostratus
    Jul 06, 2018

    The issue with SHA1 certificates being issued was fixed for me in 13.1.

     

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Jul 07, 2018

    if you aren't on 13.1 and as pointed out a few times, please also open a F5 support ticket for such issues and please report back and feedback from there.

     

  • Pedro_Roure_249's avatar
    Pedro_Roure_249
    Icon for Altostratus rankAltostratus
    Jul 09, 2018

    Using the following version: BIG-IP 13.1.0.7 Build 0.0.1 Point Release 7.