Help Center User GuideGetting StartedFAQ
 
X
User Guide
Getting Started
FAQ
Help Center
Show Contents
Help CenterManaging ConfigurationManaging SSL Proxies
Contents  
ContentsHide
ContentsHide
DownloadPrint

Configuring and Deploying an SSL Forward Proxy Policy

The following is the workflow for configuring and deploying an intent-based SSL forward proxy policy in CSO:

Procedure

  1. Obtain the root certificate and private key from your trusted certificate authority (CA).
  2. Combine the root certificate and private key into a single file.
  3. Import the certificate and private key file (on the Import Certificate page); see Importing a Certificate.
  4. (Optional) Install the imported certificate on one or more sites (on the Install Certificate page); see Installing and Uninstalling Certificates.
  5. By default, Juniper Networks ships trusted certificates for sites that use HTTPS. These certificates are installed automatically by CSO when the site is successfully provisioned.

    If you want to use additional trusted certificates, import and install the certificates as explained in Step 3 and 4.

  6. Create an SSL proxy profile (on the Create SSL Proxy Profiles) page; see Creating SSL Forward Proxy Profiles.

    Note 

    • Use the imported root certificate when you create the SSL proxy profile.

    • For trusted certificates, specify that all trusted certificates on the device are used (select All in the Trusted Certificate Authorities field).

  7. Create an SSL proxy policy intent that uses the SSL proxy profile that you created (on the SSL Proxy Policy page); see Creating SSL Proxy Policy Intents.
  8. Deploy the SSL proxy policy; see Deploying Policies.

    Note 

    • Ensure that the root and trusted certificates are imported into CSO before the policy is deployed.

    • If you have not installed the certificates referenced in the SSL proxy profile, then they are automatically installed when the SSL proxy policy is deployed.

  9. For Internet access from an SRX Series device by using the SSL proxy, ensure that you import the root certificate (obtained in Step 1) into the browsers of the clients accessing the Internet.

    Note If you do not import the certificate, the traffic does not go through for clients in the LAN segments.

Related Documentation

Help us to improve. Rate this article.
     
Feedback Received. Thank You!
Previous
Editing, Cloning, and Deleting SSL Forward Proxy Profiles
Next
Addresses and Address Groups Overview
Related Topics
Need more help?

Ask questions in TechWiki

Contact Customer Support

Check documentation in TechLibrary

© 2021 Juniper Networks, Inc. All rights reserved

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit