Modifying the SSL Initiation Profile for Security Devices
You can use the SSL Initiation Profile section on the Modify Configuration page to create, edit, and delete SSL Initiation Profiles. A profile contains the settings for SSL-initiated connections: the list of supported ciphers and their priority, the supported versions of SSL/TLS, certificates, and a few other options.
Refer to the Junos OS documentation (available at http://www.juniper.net/documentation/en_US/release-independent/junos/information-products/pathway-pages/junos/product/) for a particular release and device. There you can find detailed information on the configuration parameters for that device.
To modify an SSL Initiation Profile:
Action | Description |
---|---|
Create an SSL Initiation Profile | Click the + icon to create an SSL Initiation Profile. The Add SSL Initiation Profile page appears. Complete the configuration according to the guidelines provided in Table 2 and click OK. |
Modify an SSL Initiation Profile | Select an SSL Initiation Profile and click the pencil icon. The Modify SSL Initiation Profile page appears, which shows the same fields as the Add SSL Initiation Profile page. You can modify some of the fields on this page. See Table 2 for more details on the fields. Click OK to save the changes. |
Delete an SSL Initiation Profile | Select one or more SSL Initiation Profiles that you want to delete, and click the bin icon to delete the profiles. The Warning page appears. Click Yes to confirm the deletion. |
Show Hide Columns | Select to show or hide various parameters in the grid. |
Field | Action |
---|---|
General Information | |
Name | Enter a name for the SSL Initiation Profile. |
Flow Tracing | Select the Allow check box to enable flow tracing for the profile. |
Protocol Version | Select the accepted SSL protocol version. |
Preferred Ciphers | Select the preferred cipher depending on the key strength. |
Session Cache | Select the Allow check box to enable SSL session cache. |
Certificate | |
Client Certificate | Select an effective client certificate for the client. |
Action | |
Server Authentication Failure | Select the Allow check box to ignore server authentication failure completely. |
CRL Validation | Select the Allow check box to disable CRL validation. Certificate Revocation List (CRL) validation on SRX Series devices involves checking for revoked certificates from servers. |
Action | Select an action if CRL information is not present. You can allow or drop the sessions when CRL information is not available. |
Hold Instruction Code | Select the Allow check box to allow the sessions when a certificate is revoked, and the revocation reason is on hold. |
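
The following audit script is an added example, not part of the original Juniper documentation. It scans `show configuration services ssl initiation | display set` output for the settings in the field table above that weaken server validation. It assumes the statement names of the Junos CLI `services ssl initiation profile` hierarchy correspond to the GUI fields; the profile and certificate names in the sample are constructed.

```python
import re

# Statements under "services ssl initiation profile <name>" worth flagging.
# Assumption: these Junos CLI statements correspond to the GUI fields named in each message.
RISKY = [
    (r"actions ignore-server-auth-failure", "Server Authentication Failure: Allow (failures ignored)"),
    (r"actions crl disable", "CRL Validation: Allow (revocation checking disabled)"),
    (r"actions crl if-not-present allow", "Action: sessions allowed when CRL information is not present"),
    (r"actions crl ignore-hold-instruction-code", "Hold Instruction Code: Allow (on-hold certificates accepted)"),
    (r"preferred-ciphers weak", "Preferred Ciphers: weak key strength"),
    (r"protocol-version (all|ssl3|tls1|tls11)", "Protocol Version: versions older than TLS 1.2 accepted"),
]
LINE = re.compile(r"^set services ssl initiation profile (\S+) (.+)$")

def audit(display_set_text):
    """Return {profile_name: [finding, ...]} for every profile seen in the text."""
    findings = {}
    for raw in display_set_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an SSL initiation profile statement
        name, stmt = m.groups()
        issues = findings.setdefault(name, [])
        issues.extend(msg for pat, msg in RISKY if re.fullmatch(pat, stmt))
    return findings

# Constructed sample input; not taken from a real device.
SAMPLE = """\
set services ssl initiation profile lab-permissive protocol-version all
set services ssl initiation profile lab-permissive preferred-ciphers weak
set services ssl initiation profile lab-permissive actions ignore-server-auth-failure
set services ssl initiation profile lab-permissive actions crl disable
set services ssl initiation profile prod-strict protocol-version tls12
set services ssl initiation profile prod-strict preferred-ciphers strong
set services ssl initiation profile prod-strict actions crl if-not-present drop
set services ssl initiation profile prod-strict client-certificate example-cert
"""

if __name__ == "__main__":
    for profile, issues in audit(SAMPLE).items():
        print(profile, "- no findings" if not issues else "")
        for issue in issues:
            print("  -", issue)
```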