Re: SSL Proxy Not Giving Server certification validation error

Hello,

 


MYN wrote:

 

Hi,

 

I just configured the SSL proxy

<skip>

 

In my case, users are not getting any Server certification validation error 

<skip>

 

This is my configuration excerpt:

 

[edit services ssl proxy]
root@srx-240-h# show
profile SSL_PRFL-1 {
    enable-flow-tracing;
    preferred-ciphers medium;
    trusted-ca 21FEB_GRP;
    root-ca 21FEB;
    actions {
        ignore-server-auth-failure;
        log {
            all;
            sessions-allowed;
        }
    }
}

 

Can anyone explain this strange behavior to me?

 

Thanks,

MYN


Please remove the line "ignore-server-auth-failure" and then re-test.

https://www.juniper.net/documentation/en_US/junos12.1x44/topics/example/ssl-proxy-configuring.html

 

If ignore-server-auth-failure is set, then any errors encountered during server 
certificate verification at the time of the SSL handshake are ignored.
Commonly ignored errors include the inability to verify CA signature,
incorrect certificate expiration dates, and so forth. If this option is not set,
all the sessions where the server sends self-signed certificates are dropped
if any errors are encountered.

HTH

Thx

Alex
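
An added example, not part of the original thread and not Juniper code: a small Python check that reads curly-brace "show" output like the excerpt above and lists the SSL proxy profiles that carry ignore-server-auth-failure under actions. The sample text is constructed; profile SSL_PRFL-2 and the function name are hypothetical.

```python
# Constructed sample: a trimmed copy of the profile from the post plus a
# hypothetical second profile that leaves server authentication enforced.
SAMPLE = """\
profile SSL_PRFL-1 {
    trusted-ca 21FEB_GRP;
    root-ca 21FEB;
    actions {
        ignore-server-auth-failure;
        log {
            all;
        }
    }
}
profile SSL_PRFL-2 {
    root-ca 21FEB;
    actions {
        log {
            all;
        }
    }
}
"""

def profiles_ignoring_auth_failure(config_text):
    """Return the names of profiles whose actions stanza contains an active
    ignore-server-auth-failure statement. Lines that are not statements
    (CLI prompts, [edit ...] banners) are skipped; a statement shown with
    the "inactive: " prefix does not match and is not reported."""
    flagged, stack = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            stack.append(line[:-1].strip())      # entering a stanza
        elif line == "}":
            if stack:
                stack.pop()                      # leaving a stanza
        elif line.endswith(";"):
            stmt = line[:-1].strip()
            if (stmt == "ignore-server-auth-failure"
                    and len(stack) >= 2
                    and stack[-1] == "actions"
                    and stack[-2].startswith("profile ")):
                flagged.append(stack[-2].split(None, 1)[1])
    return flagged

if __name__ == "__main__":
    print(profiles_ignoring_auth_failure(SAMPLE))
```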

