Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Add a SSL Initiation Profile

 

You are here: Configure > Security Services > SSL Profiles > SSL Initiation.

To add a SSL initiation profile:

  1. Click the add icon (+) on the upper right side of the SSL Initiation Profile page.

    The Create SSL Initiation Profile page appears.

  2. Complete the configuration according to the guidelines provided in Table 1.
  3. Click OK to save the changes. If you want to discard your changes, click Cancel.

Table 1: Fields on the Create SSL Initiation Profile Page

Field

Action

General Information

Name

Enter a unique name of the SSL initiation profile.

The string must consists of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed; maximum length is 63 characters.

Flow Tracing

Select this option to enable flow trace for troubleshooting policy-related issues for this profile.

Protocol Version

Specifies the accepted protocol SSL version.

Select the protocol from the list: None, All, TSLv1, TSLv1.1, or TSLv1.2.

Preferred Cipher

Specify the cipher depending on their key strength. Select a preferred cipher from the list:

  • Custom—Configure custom cipher suite and order of preference.

  • Medium—Use ciphers with key strength of 128 bits or greater.

  • Strong—Use ciphers with key strength of 168 bits or greater.

  • Weak—Use ciphers with key strength of 40 bits or greater.

Custom Ciphers

Select one or more Ciphers from the list.

Click Clear All to clear the selected ciphers from the list.

Session Cache

Select this option to enable SSL session cache.

Certificate 

Trusted CA

Select the trusted certificate authority profile from the list.

Specify the set of ciphers the SSH server can use to perform encryption and decryption functions. If this option is not configured, the server accepts any supported suite that is available.

Client Certificate

Specify a client certificate that is required to effectively authenticate the client.

Select the appropriate client certificate from the list.

  • None

  • SSLRP_Automation_Cert_2

  • SSLFP_Automation_Cert_1

  • SSLRP_Automation_Cert_1

  • SSLFP_Automation_Cert_2

  • SSL2

Actions

Server Authentication Failure

Select this option to ignore server authentication completely.

In this case, SSL forward proxy ignores errors encountered during the server certificate verification process (such as CA signature verification failure, self-signed certificates, and certificate expiry).

We do not recommend this option for authentication, because configuring it results in websites not being authenticated at all. However, you can use this option to effectively identify the root cause for dropped SSL sessions.

CRL Validation

Enable this option to disable CRL validation.

Action

Select an action from the list if CRL info is not present:

  • None

  • Allow

  • Drop

Hold Instruction Code

Select Ignore if you want to keep the instruction code on hold for this profile.