TLS errors are a frequent reason an interception session fails to produce useful captures. This action lets you push past a bad certificate just long enough to see what the application is sending, while keeping validation enabled everywhere else.
Enable skipRemoteCertificateValidationAction when the upstream server presents a certificate that the default validator rejects: an expired certificate, a self signed one, a hostname mismatch, or a chain signed by a CA Fluxzy does not trust. Instead of failing the connection, Fluxzy completes the handshake anyway, lets you observe the traffic, and continues with the rest of the rule pipeline.
Typical situations:
This is a debugging convenience. Do not leave it enabled for production captures: it removes a real security check. Scope it tightly to the hosts you actually need to inspect.
Targeted bypass so the rest of the proxy traffic still benefits from full certificate validation.
rules:
- filter:
typeKind: HostFilter
pattern: dev.internal.example.com
actions:
- typeKind: SkipRemoteCertificateValidationAction
Use a regex pattern to cover any staging hostname under example.com without disabling validation globally.
rules:
- filter:
typeKind: HostFilter
pattern: '.*\.staging\.example\.com'
operation: Regex
actions:
- typeKind: SkipRemoteCertificateValidationAction
Some legacy servers need both relaxed validation and an older TLS version to negotiate successfully.
rules:
- filter:
typeKind: HostFilter
pattern: legacy.example.com
actions:
- typeKind: SkipRemoteCertificateValidationAction
- typeKind: ForceTlsVersionAction
tlsVersion: Tls12
Skip validating remote certificate. Fluxzy will ignore any validation errors on the server certificate.
Evaluation scope defines the timing where this filter will be applied.
onAuthorityReceived This scope denotes the moment fluxzy is aware the destination authority. In a regular proxy connection, it will occur the moment where fluxzy parsed the CONNECT request.
skipRemoteCertificateValidationAction
This action has no specific characteristic
The following examples apply this action to any exchanges
Skip validating remote certificate. Fluxzy will ignore any validation errors on the server certificate.
rules:
- filter:
typeKind: AnyFilter
actions:
- typeKind: SkipRemoteCertificateValidationAction
View definition of SkipRemoteCertificateValidationAction for .NET integration.
This action has no related action
Yes. Fluxzy completes the handshake and decrypts the exchange normally. Only the validation step is skipped, the encryption itself works as usual.
Scoping the bypass with a filter limits the blast radius. If a different upstream serves a malicious certificate, the rest of your traffic still benefits from full validation.
No. This action only relaxes validation of the remote server certificate. Client certificates configured with setClientCertificateAction are unaffected.
No. Fluxzy decrypts upstream and re encrypts toward the client with its own CA, so as long as the client trusts the Fluxzy CA the connection looks healthy.