
SSL Proxy on CSO cloud service

2 weeks ago

Hello community:

 

I am trying to enable the SSL proxy on an SRX deployed in CSO but it doesn't work. Any recommendations? Here are the steps I followed:

 

I generated the root CA on OpenSSL using the commands recommended in Juniper documentation:

mkdir /etc/pki/tls/keys
mkdir /etc/pki/tls/certs

cd /etc/pki/tls

% openssl genrsa -des3 -out keys/name.key 2048

% openssl req -new -x509 -days 1095 -key keys/name.key -out certs/name.cer

So I got the key and certificate (*.key and *.cer). I printed the content and saved it in a notepad.

 

On CSO I went to Administration>Certificate Management>Certificates and clicked on More>Import Certificate. I entered the Certificate Name and chose the Certificate Type "Root CA". I checked the "Paste Certificate Content" option and pasted the content copied in the OpenSSL step, first the private key and then the certificate.

 


After that I went to Configuration>SSL Proxy>Profiles and created a new profile. I filled in the name field and chose the root certificate:

 


 

I created a policy from the Datacenter zone to the internet and applied the new profile in Configuration>SSL Proxy>Policy.

 


Finally I deployed all the changes on the SRX.

 

I downloaded the *.cer certificate on a laptop and installed it in Chrome.

 

It didn't work because no page loads and a message of internet disconnection is shown.

 


 

When I deleted the SSL policy, web page access worked fine.

 

Best regards

Karlink

Solution
Accepted by topic author karlink_genius
Monday

Re: SSL Proxy on CSO cloud service

Adding the passphrase on the certificate configuration was the solution.
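
The accepted fix connects to one detail of the original commands: genrsa -des3 writes a passphrase-protected private key. As an added example (not from the thread or from Juniper documentation), the script below checks before import whether a key is encrypted, whether a given passphrase opens it, and whether the key belongs to the certificate. The function names, the CA_KEY_PASS variable and the throwaway demo CA are assumptions made for this example.

```shell
#!/bin/sh
# Added example; function names and the CA_KEY_PASS variable are hypothetical.

# Succeeds when the PEM private key $1 is passphrase-protected, in either the
# traditional ("Proc-Type: 4,ENCRYPTED") or the PKCS#8 encoding.
key_is_encrypted() {
    grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$1"
}

# Succeeds when $CA_KEY_PASS decrypts the key $1 and the key's public half
# equals the public key inside the certificate $2.
key_matches_cert() {
    : "${CA_KEY_PASS=}"; export CA_KEY_PASS   # treat an unset passphrase as empty
    key_pub=$(openssl pkey -in "$1" -passin env:CA_KEY_PASS -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Prints one verdict line for a key/certificate pair.
check_ca_pair() {
    if ! key_matches_cert "$1" "$2"; then
        echo "FAIL: passphrase missing or wrong, or key does not belong to certificate"
        return 1
    fi
    if key_is_encrypted "$1"; then
        echo "OK: pair matches; key is encrypted, so the import needs the passphrase"
    else
        echo "OK: pair matches; key is not encrypted"
    fi
}

# Constructed sample input: a throwaway CA in directory $1, built with the same
# commands as the post (genrsa -des3, then req -new -x509).
make_demo_ca() {
    openssl genrsa -des3 -passout env:CA_KEY_PASS -out "$1/name.key" 2048 2>/dev/null &&
    openssl req -new -x509 -days 1095 -key "$1/name.key" -passin env:CA_KEY_PASS \
        -subj '/CN=constructed-ssl-proxy-ca' -out "$1/name.cer" 2>/dev/null
}

# Usage: CA_KEY_PASS='...' sh check_ca.sh name.key name.cer
if [ "$#" -eq 2 ]; then check_ca_pair "$1" "$2"; fi
```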