Bypass certificate check

GBurch
Altostratus

Is there any way that checking the certificate details could be bypassed in specific cases (e.g. a particular client/IP Address, particular URLs/domains) when using SWG as a Forward Proxy?

We are trying to set up a Red Hat Satellite server to download repositories from Red Hat and make them available internally. The documentation states that "Use of an SSL interception proxy interferes with this communication. These hosts must be whitelisted on the proxy." Apparently, the reason an SSL Interception proxy interferes with it is that the server certificates aren't signed with publicly trusted certs. The application trusts these certificates, but obviously the proxy doesn't.

We do have an SSL Intercept bypass list in place, but as I understand it, the proxy will still check that the certificate is valid (as this can be checked without decoding the traffic). Is there any way that we can disable or bypass this check for this traffic?

1 ACCEPTED SOLUTION

Have you checked if the SSL server profile options are set to ignore under "Server Authentication settings"?

https://support.f5.com/csp/article/K14806


2 REPLIES

OK, so "Untrusted Certificate Response Control" is set to Ignore already, so I guess there isn't a problem here.

I was sure we were filtering out invalid certificates at that level. I guess I should have checked first.

Thanks for your help