Add an SSL Initiation Profile
You are here: Configure > Security Services > SSL Profiles > SSL Initiation.
To add an SSL initiation profile:
- Click the add icon (+) on the upper right side of the SSL Initiation Profile page.
The Create SSL Initiation Profile page appears.
- Complete the configuration according to the guidelines provided in Table 1.
- Click OK to save the changes. If you want to discard your changes, click Cancel.
Table 1: Fields on the Create SSL Initiation Profile Page
Enter a unique name of the SSL initiation profile.
The string must consist of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed; maximum length is 63 characters.
Select this option to enable flow trace for troubleshooting policy-related issues for this profile.
Specifies the accepted SSL protocol version.
Select the protocol from the dropdown list: None, All, TLSv1, TLSv1.1, or TLSv1.2.
Specify the cipher depending on its key strength. Select a preferred cipher from the list:
Select one or more Ciphers from the list.
Click Clear All to clear the selected ciphers from the list.
Select this option to enable SSL session cache.
Select the trusted certificate authority profile from the list.
Specify the set of ciphers the SSH server can use to perform encryption and decryption functions. If this option is not configured, the server accepts any supported suite that is available.
Specify a client certificate that is required to effectively authenticate the client.
Select the appropriate client certificate from the list.
Server Authentication Failure
Select this option to ignore server authentication completely.
In this case, SSL forward proxy ignores errors encountered during the server certificate verification process (such as CA signature verification failure, self-signed certificates, and certificate expiry).
We do not recommend this option for authentication, because configuring it results in websites not being authenticated at all. However, you can use this option to effectively identify the root cause for dropped SSL sessions.
Enable this option to disable CRL validation.
Select an action from the list if CRL info is not present:
Hold Instruction Code
Select Ignore if you want to keep the instruction code on hold for this profile.
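The following review check is an added example, not part of the original page or of any Juniper tooling. It audits a saved profile against the settings described above (the name rule, the protocol version, ignored server authentication failures, and disabled CRL validation). The dictionary keys and the sample profiles are hypothetical names constructed for this example, and flagging TLS 1.0/1.1 relies on their deprecation in RFC 8996 rather than on anything this page states.

```python
import re

# Name rule from Table 1: alphanumerics, colons, periods, dashes and
# underscores; no spaces; at most 63 characters.
NAME_RE = re.compile(r"[A-Za-z0-9:._-]{1,63}")

# TLS 1.0 and 1.1 are deprecated by RFC 8996; "All" also permits them.
LEGACY_VERSIONS = {"All", "TLSv1", "TLSv1.1"}


def audit_profile(profile):
    """Return a list of findings for one SSL initiation profile.

    The dict keys are hypothetical field names chosen for this example;
    they are not J-Web or Junos identifiers.
    """
    findings = []
    if not NAME_RE.fullmatch(profile.get("name", "")):
        findings.append("name: violates character or length rule")
    if profile.get("protocol_version") in LEGACY_VERSIONS:
        findings.append("protocol_version: permits TLS 1.0/1.1")
    if profile.get("ignore_server_auth_failure"):
        # CA signature failures, self-signed and expired certificates
        # are all accepted while this option is set.
        findings.append("ignore_server_auth_failure: server not authenticated")
    if profile.get("crl_validation_disabled"):
        findings.append("crl_validation_disabled: revocation not checked")
    return findings


# Constructed sample profiles (not taken from a real device).
PRODUCTION = {"name": "init-prof_1", "protocol_version": "TLSv1.2",
              "ignore_server_auth_failure": False,
              "crl_validation_disabled": False}
TROUBLESHOOTING = {"name": "debug profile", "protocol_version": "All",
                   "ignore_server_auth_failure": True,
                   "crl_validation_disabled": True}


def audit_all(profiles):
    """Map each profile name to its findings, omitting clean profiles."""
    report = {p.get("name", ""): audit_profile(p) for p in profiles}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    for name, found in audit_all([PRODUCTION, TROUBLESHOOTING]).items():
        print(name, found)
```

A profile left with ignored server authentication after a troubleshooting session shows up in this report, which makes the check useful as a post-change review step.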