SSL Proxy on CSO cloud service

  • 1.  SSL Proxy on CSO cloud service

    Posted 05-19-2020 09:01

    Hello community:


    I am trying to enable the SSL proxy on an SRX deployed in CSO but it doesn't work. Any recommendations? Here are the steps I followed:


    I generated the root CA on OpenSSL using the commands recommended in Juniper documentation:

    mkdir /etc/pki/tls/keys
    mkdir /etc/pki/tls/certs
    cd /etc/pki/tls
    % openssl genrsa -des3 -out keys/name.key 2048
    % openssl req -new -x509 -days 1095 -key keys/name.key -out certs/name.cer

    So I got the key and certificate (*.key and *.cer). I printed the contents and saved them in a notepad.


    On CSO I went to Administration>Certificate Management>Certificates and clicked on More>Import Certificate. I entered the Certificate Name and chose the Certificate Type "Root CA". I checked the "Paste Certificate Content" option and pasted the content copied in the OpenSSL step: first the private key and then the certificate.



    After that I went to Configuration>SSL Proxy>Profiles and created a new profile. I filled in the name field and chose the root certificate:




    I created a policy from Datacenter Zone to internet and applied the new profile in Configuration>SSL Proxy>Policy.



    Finally I deployed all changes on SRX.


    I downloaded on a laptop the certificate *.cer and installed it on Chrome.


    It didn't work because no page is loaded and a message of internet disconnection is shown.




    When I deleted the SSL policy, web page access worked fine.


    Best regards


  • 2.  RE: SSL Proxy on CSO cloud service
    Best Answer

    Posted 05-25-2020 13:25

    Adding the passphrase on the certificate configuration was the solution.
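
Added example (not part of the original posts and not Juniper's code): `openssl genrsa -des3` writes a passphrase-encrypted private key, and the PEM text shows it, so the text to be pasted can be checked before import. The function name `check_paste_bundle` and the placeholder PEM bodies are constructed for illustration.

```shell
#!/bin/sh
# check_paste_bundle FILE
# Inspects PEM text meant for a "Paste Certificate Content" style import and
# prints: key=<encrypted|plain|missing> cert=<present|missing> order=<...>
# key=encrypted means the import also needs the passphrase set at key creation.
check_paste_bundle() {
    awk '
        # PKCS#8 encrypted key (default genrsa output in OpenSSL 3.x with a cipher)
        /^-----BEGIN ENCRYPTED PRIVATE KEY-----/ { if (!kline) kline = NR; enc = 1 }
        # Traditional or unencrypted PKCS#8 key block
        /^-----BEGIN (RSA |EC )?PRIVATE KEY-----/ { if (!kline) kline = NR; inkey = 1 }
        # Traditional PEM encryption header, as written by genrsa -des3 in OpenSSL 1.x
        inkey && /^Proc-Type: 4,ENCRYPTED/ { enc = 1 }
        /^-----END .*PRIVATE KEY-----/ { inkey = 0 }
        /^-----BEGIN CERTIFICATE-----/ { if (!cline) cline = NR }
        END {
            key = kline ? (enc ? "encrypted" : "plain") : "missing"
            cert = cline ? "present" : "missing"
            order = (kline && cline) ? (kline < cline ? "key-first" : "cert-first") : "n/a"
            printf "key=%s cert=%s order=%s\n", key, cert, order
        }
    ' "$1"
}

# Constructed sample: the layout of a -des3 key followed by its certificate.
# The bodies are placeholders, not real key or certificate material.
sample=$(mktemp)
cat > "$sample" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

CONSTRUCTEDPLACEHOLDERNOTAREALKEY
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
CONSTRUCTEDPLACEHOLDERNOTAREALCERT
-----END CERTIFICATE-----
EOF

check_paste_bundle "$sample"
```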