Modifying the SSL Initiation Profile for Security Devices
You can use the SSL Initiation Profile section on the Modify Configuration page to create, edit and delete SSL Initiation Profile. The profile contains the settings for the SSL-initiated connections. This includes the list of supported ciphers and their priority, the supported versions of SSL/TLS, certificates and a few other options.
Refer to the Junos OS documentation (available at http://www.juniper.net/documentation/en_US/release-independent/junos/information-products/pathway-pages/junos/product/) for a particular release and device. There you can find detailed information on the configuration parameters for that device.
To modify SSL Initiation profile:
- Select Devices > Security Devices.
The Security Devices page appears.
- Select a device to modify the configuration.
- From the More or right-click menu, select Configuration > Modify Configuration.
The Modify Configuration page appears.
- Click the SSL Initiation link in the left-navigation
The SSL Initiation Profile page is displayed. The existing SSL Initiation profiles if any are displayed in the table.
See Table 1 for the list of actions that you can perform in this page.
- After modifying the configuration, you can cancel the changes, save the changes, preview the changes, or save the changes and deploy the configuration on the device. See Modifying the Configuration of Security Devices.
Table 1: SSL Initiation Profile Actions
Create a SSL Initiation Profile
Click the + icon to create a SSL Initiation Profile.
The Add SSL Initiation Profile page appears. Complete the configuration according to the guidelines provided in Table 2 and click OK.
Modify a SSL Initiation Profile
Select a SSL Initiation profile and click the pencil icon.
The Modify SSL Initiation Profile page appears, which shows the same fields as create a SSL Initiation Profile. You can modify some of the fields on this page. See Table 2 for more details on the fields. Click OK to save the changes.
Delete a SSL Initiation Profile
Select one or more SSL Initiation Profiles that you want to delete, and click the bin icon to delete the profiles.
The Warning page appears. Click Yes to confirm the deletion.
Show Hide Columns
Select to show or hide various parameters in the grid.
Table 2: Create SSL Initiation Profile
Enter a name for the SSL Initiation Profile.
Select the Allow check box to enable flow tracing for the profile.
Select the accepted protocol SSL version.
Select the preferred cipher depending on the key strength.
Select the Allow check box to enable SSL session cache.
Select an effective client certificate for the client.
Server Authentication Failure
Select the Allow check box to ignore server authentication failure completely.
Select the Allow check box to disable CRL validation. Certificate Revocation List (CRL) validation on SRX Series device involves checking for revoked certificates from servers.
Select an action if CRL information is not present. You can allow or drop the sessions when a CRL information is not available.
Hold Instruction Code
Select the Allow check box to allow the sessions when a certificate is revoked, and the revocation reason is on hold.