
Add an SSL Initiation Profile

You are here: Configure > Security Services > SSL Profiles > SSL Initiation.

Procedure

To add an SSL initiation profile:

  1. Click the add icon (+) on the upper right side of the SSL Initiation Profile page.

    The Create SSL Initiation Profile page appears.

  2. Complete the configuration according to the guidelines provided in Table 287.
  3. Click OK to save the changes. If you want to discard your changes, click Cancel.

Table 287: Fields on the Create SSL Initiation Profile Page

Field

Action

General Information

Name

Enter a unique name for the SSL initiation profile.

The string must consist of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed; maximum length is 63 characters.

Flow Tracing

Select this option to enable flow trace for troubleshooting policy-related issues for this profile.

Protocol Version

Specify the accepted SSL protocol version.

Select the protocol from the list: None, All, TLSv1, TLSv1.1, or TLSv1.2.

Preferred Cipher

Specify the cipher depending on its key strength. Select a preferred cipher from the list:

  • Custom—Configure custom cipher suite and order of preference.

  • Medium—Use ciphers with key strength of 128 bits or greater.

  • Strong—Use ciphers with key strength of 168 bits or greater.

  • Weak—Use ciphers with key strength of 40 bits or greater.

Custom Ciphers

Select one or more ciphers from the list.

Click Clear All to clear the selected ciphers from the list.

Session Cache

Select this option to enable SSL session cache.

Certificate 

Trusted CA

Select the trusted certificate authority profile from the list.

Specify the set of ciphers the SSH server can use to perform encryption and decryption functions. If this option is not configured, the server accepts any supported suite that is available.

Client Certificate

Specify a client certificate that is required to effectively authenticate the client.

Select the appropriate client certificate from the list.

  • None

  • SSLRP_Automation_Cert_2

  • SSLFP_Automation_Cert_1

  • SSLRP_Automation_Cert_1

  • SSLFP_Automation_Cert_2

  • SSL2

Actions

Server Authentication Failure

Select this option to ignore server authentication completely.

In this case, SSL forward proxy ignores errors encountered during the server certificate verification process (such as CA signature verification failure, self-signed certificates, and certificate expiry).

We do not recommend this option for authentication, because configuring it results in websites not being authenticated at all. However, you can use this option to effectively identify the root cause for dropped SSL sessions.

CRL Validation

Enable this option to disable CRL validation.

Action

Select an action from the list if CRL info is not present:

  • None

  • Allow

  • Drop

Hold Instruction Code

Select Ignore if you want to keep the instruction code on hold for this profile.
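The following added example (not part of the original guide or of any Juniper tooling) checks a profile against the name rule and the risky settings described in Table 287 before it is saved. The dictionary keys and the sample profiles are hypothetical, and the check assumes that All accepts every listed protocol version.

```python
import re

# Name rule from Table 287: alphanumerics, colons, periods, dashes,
# underscores; no spaces; at most 63 characters.
NAME_RE = re.compile(r"[A-Za-z0-9:._-]{1,63}")

def audit_profile(p):
    """Return (severity, finding) pairs for one profile.

    Keys are hypothetical names that mirror the table's fields.
    """
    findings = []
    if not NAME_RE.fullmatch(p.get("name", "")):
        findings.append(("error", "name violates the character/length rule"))
    if p.get("ignore_server_auth_failure"):
        # Page: server certificate verification errors are ignored entirely.
        findings.append(("high", "server certificate errors are ignored"))
    cipher = p.get("preferred_cipher")
    if cipher == "Weak":
        findings.append(("high", "Weak preference admits 40-bit ciphers"))
    elif cipher == "Custom" and not p.get("custom_ciphers"):
        findings.append(("error", "Custom selected but no ciphers listed"))
    # Assumption: "All" accepts every version, including TLS 1.0 and 1.1,
    # which RFC 8996 deprecates.
    if p.get("protocol_version") in ("All", "TLSv1", "TLSv1.1"):
        findings.append(("medium", "TLS 1.0/1.1 can be negotiated"))
    if p.get("crl_validation_disabled"):
        findings.append(("medium", "CRL validation is disabled"))
    elif p.get("crl_missing_action") == "Allow":
        findings.append(("low", "sessions allowed when CRL info is absent"))
    return findings

# Constructed sample profiles (not taken from the page).
TROUBLESHOOT = {"name": "debug profile", "protocol_version": "All",
                "preferred_cipher": "Weak",
                "ignore_server_auth_failure": True,
                "crl_validation_disabled": True}
HARDENED = {"name": "init-prod_1", "protocol_version": "TLSv1.2",
            "preferred_cipher": "Strong",
            "ignore_server_auth_failure": False,
            "crl_validation_disabled": False,
            "crl_missing_action": "Drop"}

if __name__ == "__main__":
    for prof in (TROUBLESHOOT, HARDENED):
        print(prof["name"], audit_profile(prof) or "no findings")
```

A profile left in the troubleshooting state (server authentication failures ignored) shows up as a high-severity finding, which makes it easy to catch before it reaches production.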
