Help Center User GuideWhat's New
 
X
User Guide
What's New
Contents  

Enabling Juniper ATP Cloud for Encrypted HTTPS Connections

Procedure

If you have not already done so, you need to configure ssl-inspect-ca which is used for ssl forward proxy and for detecting malware in HTTPs. Shown below is just one example for configuring ssl forward proxy. For complete information, see Configuring SSL Proxy.

  1. From operational mode, generate a PKI public/private key pair for a local digital certificate.
    user@host > request security pki generate-key-pair certificate-id certificate-id size size type type

    For example:

    user@host > request security pki generate-key-pair certificate-id ssl-inspect-ca size 2048 type rsa
  2. From operational mode, define a self-signed certificate. Specify certificate details such as the certificate identifier (generated in the previous step), a fully qualified domain name for the certificate, and an e-mail address of the entity owning the certificate.
    user@host > request security pki local-certificate generate-self-signed certificate-id certificate-id domain-name domain-name subject subject email email-id

    For example:

    user@host > request security pki local-certificate generate-self-signed certificate-id ssl-inspect-ca domain-name www.juniper.net subject "CN=www.juniper.net,OU=IT,O=Juniper Networks,L=Sunnyvale,ST=CA,C=US" email security-admin@juniper.net

Once done, you can configure the SSL forward proxy to inspect HTTPs traffic. For example:

user@host# set services ssl proxy profile ssl-inspect-profile root-ca ssl-inspect-ca
user@host# set security policies from-zone trust to-zone untrust policy firewall-policy1 then permit application-services ssl-proxy profile-name ssl-inspect-profile

For a more complete example, see Example: Configuring a Juniper Advanced Threat Prevention Cloud Policy Using the CLI.

Related Documentation

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit