SRX

 View Only
last person joined: 3 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
Expand all | Collapse all

Upload SSL cert , SSL Key , ROOT cert , intermedate cert for ssl reverse proxy inspection

  • 1.  Upload SSL cert , SSL Key , ROOT cert , intermedate cert for ssl reverse proxy inspection

    Posted 12-05-2023 08:53

    Hello 

    i want protect my https site behind my SRX , but my site cert contain this files :

    1- site cert 

    2- site key 

    3 - intermediate cert

    4- root cert


    i  config 

    #run request security pki local-certificate load certificate-id SITE-CERT-23 filename /cf/root/TEST-SITE-23.crt key /cf/root/TEST-SITE-23.pem

    - create CA Profile 
    #set security pki ca-profile TEST-SITE-CA-ROOT ca-identity TEST-SITE-CA-ROOT
    #set security pki ca-profile TEST-SITE-CA-INT ca-identity TEST-SITE-CA-INT
    #commit

    - add ca and Intermediate cert to CA profile
    #run request security pki ca-certificate load filename /cf/root/TEST-SITE/TEST-SITE-23-ROOT.crt ca-profile TEST-SITE-CA-ROOT
    #run request security pki ca-certificate load filename /cf/root/TEST-SITE/TEST-SITE-23-INT.crt ca-profile TEST-SITE-CA-INT
    #run show security pki ca-certificate

    - add CA Cert Group  ( first commend not autofill must be write )
    #set security pki ca-profile-group TEST-SITE-CA-G cert-base-count 2
    #set security pki trusted-ca-group TEST-SITE-CA-G ca-profiles TEST-SITE-CA-ROOT
    #set security pki trusted-ca-group TEST-SITE-CA-G ca-profiles TEST-SITE-CA-INT
    #run show security pki ca-certificate brief

    - create SSL PROXY profile 
    #set services ssl proxy profile TEST-SITE_SSL_PROXY trusted-ca TEST-SITE-CA-G
    #set services ssl proxy profile TEST-SITE_SSL_PROXY root-ca SITE-CERT-23
    #set services ssl proxy profile TEST-SITE_SSL_PROXY actions log all


    then assign to policy but i get error :

    tls_process_server_certificate:certificate verify failed(unable to get local issuer certificate) 


    what is my problem ?

    how can upload all cert in my SRX ?



    thnalks a lot 




    ------------------------------
    bahram peymani
    ------------------------------


  • 2.  RE: Upload SSL cert , SSL Key , ROOT cert , intermedate cert for ssl reverse proxy inspection

    Posted 12-13-2023 09:03

    hello 

    can any body help me ?

    thnals 



    ------------------------------
    bahram peymani
    ------------------------------