F5 BIG-IP SSL Orchestrator Training Lab > All SSL Orchestrator Lab Guides > [Archived] SSL Orchestrator v7 (Agility 2020) Training Labs > SSL Orchestrator v7 - SSLO 201: Real World Use Cases / Putting It to Use (Agility | 2 hours) > 2. Managing Security Services & Service Chains Source | Edit on
2.3. Pre-existing environment validationΒΆ
Start an RDP session to the Windows 10 Desktop (Components > Windows 10 Desktop > ACCESS > RDP)
Login in as f5labs\mike (pw: agility)
Open the Firefox browser
Browse to
https://www.example.com/
Click on the padlock icon in the address bar
Click the arrow to the right of Connection secure
Confirm that the connection/certificate is verified by DigiCert Inc
Modify the client's proxy settings to point to F5 SSL Orchestrator
Click the OK button
Close and relaunch the Firefox browser
Browse to
https://www.example.com/
once againConfirm that the connection/certificate is now verified by f5labs.com
Confirm that the explicit proxy service is seeing decrypted traffic:
Start a Web Shell to Service - ExpProxy (Components > Service - ExpProxy > ACCESS > Web Shell)
Enter the following command in the Web Shell:
tail -f /var/log/squid3/access.log
Visit a few secure (HTTPS) websites (non-banking) using Firefox on the Windows 10 Desktop and confirm that access is being logged even though we are visiting a secure website. You should see log entries of the sites and URLs visited, similar to the example below:
Visit a financial institution (ex. https://www.chase.com) and verify that SSL Orchestrator is not intercepting by confirming that the verification is done by a trusted CA (ex. Entrust, Inc.). If the traffic was intercepted the connection/certificate would have been verified by f5labs.com. Because we are bypassing Financial Institutions in the SSL Orchestrator Security Policy and this website is a financial institution, the origin server's public certificate is presented to the client.
Confirm that the explicit proxy service is not seeing the bypassed (encrypted) traffic.