Hello,
I want to protect my HTTPS site behind my SRX, but my site cert contains these files:
1 - site cert
2 - site key
3 - intermediate cert
4 - root cert
I configured:
#run request security pki local-certificate load certificate-id SITE-CERT-23 filename /cf/root/TEST-SITE-23.crt key /cf/root/TEST-SITE-23.pem
- create CA Profile
#set security pki ca-profile TEST-SITE-CA-ROOT ca-identity TEST-SITE-CA-ROOT
#set security pki ca-profile TEST-SITE-CA-INT ca-identity TEST-SITE-CA-INT
#commit
- add CA and intermediate cert to CA profile
#run request security pki ca-certificate load filename /cf/root/TEST-SITE/TEST-SITE-23-ROOT.crt ca-profile TEST-SITE-CA-ROOT
#run request security pki ca-certificate load filename /cf/root/TEST-SITE/TEST-SITE-23-INT.crt ca-profile TEST-SITE-CA-INT
#run show security pki ca-certificate
- add CA cert group (the first command does not autocomplete and must be typed in full)
#set security pki ca-profile-group TEST-SITE-CA-G cert-base-count 2
#set security pki trusted-ca-group TEST-SITE-CA-G ca-profiles TEST-SITE-CA-ROOT
#set security pki trusted-ca-group TEST-SITE-CA-G ca-profiles TEST-SITE-CA-INT
#run show security pki ca-certificate brief
- create SSL PROXY profile
#set services ssl proxy profile TEST-SITE_SSL_PROXY trusted-ca TEST-SITE-CA-G
#set services ssl proxy profile TEST-SITE_SSL_PROXY root-ca SITE-CERT-23
#set services ssl proxy profile TEST-SITE_SSL_PROXY actions log all
Then I assigned it to a policy, but I get this error:
tls_process_server_certificate:certificate verify failed(unable to get local issuer certificate)
What is my problem?
How can I upload all the certs to my SRX?
Thanks a lot
------------------------------
bahram peymani
------------------------------
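
The OpenSSL error quoted in the post is raised when a verifier cannot find the issuer of some certificate in the chain. The following is an added example, not part of the original post and not Juniper tooling: it checks offline, with the `openssl` CLI (assumed to be installed on a workstation), that a site certificate, intermediate and root actually chain together. The function names and the demo certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check that site -> intermediate -> root really chain.
# Function names and the demo certificates are constructed for illustration.

# dn subject|issuer FILE : print that DN of a PEM certificate
dn() { openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed 's/^[a-z]*= *//'; }

# check_chain LEAF INTERMEDIATE ROOT
# 0 = chain builds; 1/2/3 = a name link is broken; 4 = signature/path check failed
check_chain() {
  [ "$(dn issuer "$1")" = "$(dn subject "$2")" ] || { echo "site cert issuer is not the intermediate"; return 1; }
  [ "$(dn issuer "$2")" = "$(dn subject "$3")" ] || { echo "intermediate issuer is not the root"; return 2; }
  [ "$(dn issuer "$3")" = "$(dn subject "$3")" ] || { echo "root is not self-signed"; return 3; }
  openssl verify -CAfile "$3" -untrusted "$2" "$1" >/dev/null 2>&1 || { echo "openssl verify failed"; return 4; }
  echo "chain OK"
}

# make_demo_chain DIR : build a throwaway root, intermediate and site cert in DIR
make_demo_chain() {
  d=$1
  echo "basicConstraints=critical,CA:TRUE" > "$d/ca.ext"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root" \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate" \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.crt" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=site.example" \
    -keyout "$d/site.key" -out "$d/site.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/site.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/site.crt" 2>/dev/null
}

# Usage with real files: check_chain site.crt intermediate.crt root.crt
if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp -d) && make_demo_chain "$tmp" &&
    check_chain "$tmp/site.crt" "$tmp/int.crt" "$tmp/root.crt"
  rm -rf "$tmp"
fi
```

A non-zero return identifies which link is broken, which shows whether the files themselves are at fault before looking at how they were loaded on the device.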