SSL orchestrator

Question

Dear F5
Whilst SSL orchestrator as man in middle box exposing own certificate against client web broswer there is always warning on broswer that is not possible verify certificate against Certification authority which is obvious if certificate is faked by SSL orchestrator. Other words if SSL orchestrator works in conjunction with some Data Loss Prevention system such certificate error unveils for some bad insider guy in company that SSL is manipulated and decrypted by some middle box on way. So just simple question is there some smart solution on SSL orchestrator side which can overcome such its drawback and ensures that SSL orchestrator will remain hidden in a customer network?&nbsp;

nathe · Answer

To workaround browser warnings the clients will need to trust the CA certificate creating the MITM certificate on behalf of the destination. That's what I thought anyway. Or are you talking about non-Corporate/domain devices who won't trust this certificate?

liefzimmerman · Answer

leaving a test reply.

Forum Discussion

SSL orchestrator

2 Replies

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

PCI Compliance and ASM

irule for redirect and header injection

What happens if I activate only ASM without provisioning LTM?

Implement load balancing solution with constraints

How to Block Source IP for 24 Hours After TPS Violation (F5 DoS / iRule / SSL Proxy Setup)

Related Content

Introduction to BIG-IP SSL Orchestrator

SSL Orchestrator Service Extensions: User Coaching

F5 BIG-IP Zero Trust with BIG-IP SSL Orchestrator

Addressing Shadow AI with F5 BIG-IP SSL Orchestrator

Integrating Security Solutions with F5 BIG-IP SSL Orchestrator

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS