actions (Services SSL Initiation)
Syntax
actions {
crl {
disable;
if-not-present (allow | drop);
ignore-hold-instruction-code;
}
ignore-server-auth-failure;
}
Hierarchy Level
[edit services ssl initiation profile profile-name]
Description
Specify the certification revocation checks and traffic related actions for configuring SSL initiation support service. As a part of SSL initiation profile, you can specify actions related to certification revocations checks and chose an option to ignore certificate validation, root CA expiration dates, and other such issues based on your requirements. Commonly ignored errors include the inability to verify CA signature, incorrect certificate expiration dates, and so forth. We do not recommend using this option for authentication because configuring it results in websites not being authenticated at all.
Options
crl—Specify the certificate revocation actions.disable—Disable CRL verification.if-not-present—Specify actions for sessions.allow—Allow sessions when CRL information is not available.drop—Drop sessions when CRL information is not available.
ignore-hold-instruction-code—Ignore the unconfirmed (on hold) revocation status, and accept a certificate.
ignore-server-auth-failure—Ignore server authentication failure.
Required Privilege Level
services—To view this statement in the configuration.
services-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 12.1X44-D10.