Hello community:
I am trying to enable the SSL proxy on an SRX deployed in CSO but it does't work, any recommendation? I show you the steps I did:
I generated the root CA on OpenSSL using the commands recommended in Juniper documentation:
mkdir /etc/pki/tls/keys
mkdir /etc/pki/tls/certs
cd /etc/pki/tls
% openssl genrsa -des3 -out keys/name.key 2048
% openssl req -new -x509 -days 1095 –key keys/ssl-proxy-ca.key -out certs/name.cer
so I got the key and certificate (*.key and *.cer) I printed the content and saved in a notepad.
On CSO I went to Administration>Certificate Management>Certificates and click on More>Import Certificate. I entered the Certificate Name and chose the Certificate Type "Root CA". I checked the "Paste Certificate Content" option and paste the content copied in the OpenSSL step first the private key and after the certificate.
After I went to Configuration>SSL Proxy>Profiles and created a new profile. I filled the name field and chose the root certificate:
I created a policy from Datacenter Zone to internet and applied the new profile in Configuration>SSL Proxy>Policy.
Finally I deployed all changes on SRX.
I downloaded on a laptop the certificate *.cer and installed it on Chrome.
It didn't work because any page is loaded and shows a message of internet disconnection.
When I deleted the ssl policy, Web page access is working fine.
Best regards
Karlink