Forum Discussion

Nimbostratus

Oct 17, 2017

SSL Intercept SHA1 Certificate

I am trying to set up SSL intercept to decrypt outbound SSL for inspection. I am not doing anything fancy just a basic decryption zone between the internal and external F5. Everything works except ...

Pedro_Roure_249
Jul 26, 2018
I opened a support ticket with F5 and the F5 engineer who answered the ticket made the following recommendation:

"configure a trusted certificate authority bundle in the server ssl profile. The default bundle contains many well-known public CA certs for server-side processing."

After I did this, the problem was solved.

Thanks.

Pedro_Roure_249

Altostratus

Same problem here in a deployment of APM + SWG with SSL Interception. Some certificates are generated using SHA1 and the Chrome browser (at latest version in the momment) is complaining with this error:

net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM

Anyone solved this issue ?

JamesE_234305

Nimbostratus

Jul 06, 2018

The issue with SHA1 certificates being issued was fixed for me in 13.1.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SSL Intercept SHA1 Certificate

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Automating ACMEv2 Certificate Management on BIG-IP

Re: Management Certificate

Automate Let's Encrypt Certificates on BIG-IP

Automating NGINX Certificate Rotation on AWS

DNS Interception: Protecting the Client

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS