Public Key Infrastructure (PKI)
-
Support for dynamic update of trusted CA bundle for SSL proxy (SRX Series, cSRX, and vSRX 3.0)—Starting in Junos OS Release 23.4R1, we support dynamic update of default trusted CA certificates for SSL proxy. Earlier in Junos OS Release 23.2R1, we introduced dynamic update of default trusted CA certificates for Junos OS devices. In the current release, we've made the following enhancements:
-
The Juniper content delivery network (CDN) server (http://signatures.juniper.net/cacert) is up to date with the latest copy of trusted CA certificates.
-
The SSL proxy on your SRX Series Firewall uses the latest trusted CA certificate from the default trusted CA bundle downloaded to your device from the CDN server.
With this feature, we ensure authenticity, confidentiality, and integrity of SSL proxy-based communication.
-