Forum Discussion
SWG Evaluation
- Aug 19, 2014
In fact, you can do SSL interception with embedded certificates (ex: "default" for F5).
You have to make sure of two things : - the Certificate is trusted by users, - the certificate is able to sign child certificates (keyring).
Please find below two links : - generating certificates for SSL interception : http://communicationsfinance.com/wp-content/uploads/2013/04/SSL-Interception-on-Proxy-SG.pdf - Configuring SSL Forward Proxy on F5 : http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-5-1/16.htmlconceptid
Hi,
You have to use a keering certificate that is trusted (or its Issuer is trusted by users)
It's a special kind of certificate.
BR
Yann
- Son_of_Tom_1379Aug 17, 2014
Nimbostratus
Thanks for that Yann, don't suppose you have anything more verbose? This is a certificate type I'm not familiar with. There is an internal PKI infrastructure which we may be able to leverage, I just find it hard to believe it's a requirement as products such as Symantec Web Gateway provide this functionality out of the box.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com