SRX


SSL Proxy on CSO cloud service

  • 1.  SSL Proxy on CSO cloud service

    Posted 05-19-2020 09:01

    Hello community:

    I am trying to enable the SSL proxy on an SRX deployed in CSO but it doesn't work. Any recommendation? These are the steps I followed:

    I generated the root CA on OpenSSL using the commands recommended in Juniper documentation:

    mkdir /etc/pki/tls/keys
    mkdir /etc/pki/tls/certs
    
    cd /etc/pki/tls
    
    % openssl genrsa -des3 -out keys/name.key 2048
    
    % openssl req -new -x509 -days 1095 -key keys/name.key -out certs/name.cer

    So I got the key and certificate (*.key and *.cer). I printed the content and saved it in a notepad.

    On CSO I went to Administration>Certificate Management>Certificates and clicked on More>Import Certificate. I entered the Certificate Name and chose the Certificate Type "Root CA". I checked the "Paste Certificate Content" option and pasted the content copied in the OpenSSL step: first the private key and then the certificate.

    Afterwards I went to Configuration>SSL Proxy>Profiles and created a new profile. I filled in the name field and chose the root certificate.

    I created a policy from Datacenter Zone to internet and applied the new profile in Configuration>SSL Proxy>Policy.

     

    Finally I deployed all changes on SRX.

     

    I downloaded the certificate *.cer to a laptop and installed it in Chrome.

    It didn't work: no page loads, and the browser shows an internet disconnection message.

    When I delete the SSL policy, web page access works fine.

    Best regards

    Karlink



  • 2.  RE: SSL Proxy on CSO cloud service
    Best Answer

    Posted 05-25-2020 13:25

    Adding the passphrase in the certificate configuration was the solution.
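
Added example, not part of the thread: the key in the first post was generated with `openssl genrsa -des3`, so it is passphrase-encrypted, which is why the import needed the passphrase. The sketch below checks pasted PEM text for an encrypted key before import; the function names and sample files are hypothetical, and the sample bodies are constructed placeholders, not real key material.

```shell
# Added example: classify the private key in PEM text before pasting it.

# Prints: encrypted-pkcs8 | encrypted-traditional | unencrypted | no-key
pem_key_state() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted-pkcs8            # PKCS#8 encrypted key
    elif grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted-traditional      # traditional PEM encryption headers
    elif grep -Eq -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$1"; then
        echo unencrypted
    else
        echo no-key
    fi
}

# Prints the cipher named in a traditional-format DEK-Info header, if any.
pem_key_cipher() {
    sed -n 's/^DEK-Info: \([^,]*\),.*$/\1/p' "$1"
}

# Returns 0 when the import must be given a passphrase with the pasted text.
needs_passphrase() {
    case "$(pem_key_state "$1")" in
        encrypted-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed samples: the headers are real PEM syntax, the bodies are placeholders.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/des3.pem" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

PLACEHOLDERKEYBODY
-----END RSA PRIVATE KEY-----
EOF
cat > "$SAMPLES/plain.pem" <<'EOF'
-----BEGIN PRIVATE KEY-----
PLACEHOLDERKEYBODY
-----END PRIVATE KEY-----
EOF

for f in "$SAMPLES"/*.pem; do
    echo "$(basename "$f"): $(pem_key_state "$f") $(pem_key_cipher "$f")"
done
```

If `needs_passphrase` succeeds for the text you are about to paste, supply the passphrase in the certificate import, as the accepted answer did.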