Forum Discussion

Payal_S's avatar
Payal_S
Ret. Employee
Apr 14, 2016

iControl SOAP - skip certificate check

Hi Team,

 

In short issue is: Customer is making iControl SOAP calls to the BIG-IP and iControl libraries do a certificate check in order to make a connection.

 

Is there any way in the iControl client libraries to disable certificate check.

 

Reason for needing this: Customer is deploying a F5 solution in multi tenant environment, spinning up BIG-IP VEs as well as vCMP guests using automation. Having a certificate check for iControl calls, means - A customer/orchestrator needs to have some PKI infrastructure in place to provide BIG-IP with a certificate they trust - OR download the BIG-IP default certificate and have the client trust the certificate

 

This will become cumbersome since this activity needs to be done for each BIG-IP (VE or vCMP) instance created.

 

If someone could provide information of a way to dig into the iControl code and just disable the certificate check that would be of great help

 

Thanks Payal

 

3 Replies

  • What iControl library are you using? The solution will vary based on what you are using, and it most likely is not iControl doing this, but whatever underlying library it is using to handle the HTTPS connection.
  • Payal_S's avatar
    Payal_S
    Ret. Employee
    Thanks for replying. You were right it was the Java library that was handling the HTTPS connection, managed to skip in the certificate check using the Java libraries Thanks for pointing this out.
  • The iControl library for Java has a XTrustProvider class in it that should have the code to bypass self-side validation checks.