Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Modifying the SSL Initiation Profile for Security Devices

 

You can use the SSL Initiation Profile section on the Modify Configuration page to create, edit and delete SSL Initiation Profile. The profile contains the settings for the SSL-initiated connections. This includes the list of supported ciphers and their priority, the supported versions of SSL/TLS, certificates and a few other options.

Note

Refer to the Junos OS documentation (available at http://www.juniper.net/documentation/en_US/release-independent/junos/information-products/pathway-pages/junos/product/) for a particular release and device. There you can find detailed information on the configuration parameters for that device.

To modify SSL Initiation profile:

  1. Select Devices > Security Devices.

    The Security Devices page appears.

  2. Select a device to modify the configuration.
  3. From the More or right-click menu, select Configuration > Modify Configuration.

    The Modify Configuration page appears.

  4. Click the SSL Initiation link in the left-navigation menu.

    The SSL Initiation Profile page is displayed. The existing SSL Initiation profiles if any are displayed in the table.

    See Table 1 for the list of actions that you can perform in this page.

  5. After modifying the configuration, you can cancel the changes, save the changes, preview the changes, or save the changes and deploy the configuration on the device. See Modifying the Configuration of Security Devices.

Table 1: SSL Initiation Profile Actions

Action

Description

Create a SSL Initiation Profile

Click the + icon to create a SSL Initiation Profile.

The Add SSL Initiation Profile page appears. Complete the configuration according to the guidelines provided in Table 2 and click OK.

Modify a SSL Initiation Profile

Select a SSL Initiation profile and click the pencil icon.

The Modify SSL Initiation Profile page appears, which shows the same fields as create a SSL Initiation Profile. You can modify some of the fields on this page. See Table 2 for more details on the fields. Click OK to save the changes.

Delete a SSL Initiation Profile

Select one or more SSL Initiation Profiles that you want to delete, and click the bin icon to delete the profiles.

The Warning page appears. Click Yes to confirm the deletion.

Show Hide Columns

Select to show or hide various parameters in the grid.

Table 2: Create SSL Initiation Profile

Field

Action

General Information 

Name

Enter a name for the SSL Initiation Profile.

Flow Tracing

Select the Allow check box to enable flow tracing for the profile.

Protocol Version

Select the accepted protocol SSL version.

Preferred Ciphers

Select the preferred cipher depending on the key strength.

Session Cache

Select the Allow check box to enable SSL session cache.

Certificate 

Client Certificate

Select an effective client certificate for the client.

Action 

Server Authentication Failure

Select the Allow check box to ignore server authentication failure completely.

CRL Validation

Select the Allow check box to disable CRL validation. Certificate Revocation List (CRL) validation on SRX Series device involves checking for revoked certificates from servers.

Action

Select an action if CRL information is not present. You can allow or drop the sessions when a CRL information is not available.

Hold Instruction Code

Select the Allow check box to allow the sessions when a certificate is revoked, and the revocation reason is on hold.