[WebappSecure/Mykonos] SSL Inspection configuration on JWAS

Article ID: KB29593 KB Last Updated: 20 Nov 2014 Version: 1.0
Summary:
This KB outlines the configuration of the two SSL inspection modes: Passive Decryption and Termination.
Symptoms:
How to configure SSL Passive Decryption and/or Termination
Cause:

Solution:
To configure SSL Passive Decryption:
1. Once the application for the backend server is defined under Configuration --> Applications, select the relevant application and edit the “Proxy/SSL Settings”.
2. Configure the HTTPS port the backend uses for SSL, select the IP address that JWAS listens on for HTTPS requests, and paste in the SSL certificate and key (PKCS#1, PEM-encoded).
3. On the JWAS 5.5 code train, select the “Re-encrypt SSL” checkbox. On the JWAS 5.1 code train, select “True” for "Use SSL Backend" on the global Proxy / Backends page.
4. Save the configuration changes.


To configure SSL Termination:
In SSL Termination, the communication between JWAS and the backend server is decrypted, while the communication between JWAS and the client is encrypted. The configuration settings are:
1. Once the application for the backend server is defined under Configuration --> Applications, select the relevant application and edit the “Proxy/SSL Settings”.
2. Configure the HTTPS port the backend uses for SSL, select the IP address that JWAS listens on for HTTPS requests, and paste in the SSL certificate and key (PKCS#1, PEM-encoded).
3. On the JWAS 5.5 code train, clear the “Re-encrypt SSL” checkbox. On the JWAS 5.1 code train, select “False” for "Use SSL Backend" on the global Proxy / Backends page.
4. Save the configuration changes.


How to verify if SSL Inspection is working as expected?
- Collect a packet capture on JWAS for the SSL traffic, filtering on the backend server as the host if needed. In the SSL Passive Decryption scenario, all the communication is in SSL, whereas in the SSL Termination scenario the communication between JWAS and the backend is HTTP, not HTTPS.
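
One way to script the check above, as an added example (not Juniper's code): it assumes the first bytes of each TCP payload on the JWAS-to-backend leg have already been extracted from the capture. The function names, mode labels and sample payloads are constructed for illustration.

```python
# Added example: classify payloads seen on the JWAS-to-backend leg and
# compare the result with the configured SSL inspection mode.

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"PATCH ")
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, application_data


def classify_payload(data: bytes) -> str:
    """Return 'tls', 'http' or 'unknown' for the start of one TCP payload."""
    # TLS record header: content type, version 3.x, 2-byte length.
    if len(data) >= 5 and data[0] in TLS_CONTENT_TYPES and data[1] == 3 and data[2] <= 4:
        length = int.from_bytes(data[3:5], "big")
        if 0 < length <= 16384 + 2048:  # upper bound on a TLS record length
            return "tls"
    if data.startswith(HTTP_METHODS) or data.startswith(b"HTTP/1."):
        return "http"
    # Continuation segments (mid-record or mid-body) land here; they are
    # counted but do not decide the result.
    return "unknown"


# What the article says the backend leg carries in each mode (labels are hypothetical).
EXPECTED_BACKEND = {"passive_decryption": "tls", "termination": "http"}


def check_backend_leg(mode: str, payloads: list) -> dict:
    """Count payload types and report whether the capture matches the mode."""
    counts = {"tls": 0, "http": 0, "unknown": 0}
    for p in payloads:
        if p:  # skip empty segments such as pure ACKs
            counts[classify_payload(p)] += 1
    expected = EXPECTED_BACKEND[mode]
    other = "http" if expected == "tls" else "tls"
    ok = counts[expected] > 0 and counts[other] == 0
    return {"mode": mode, "counts": counts, "matches_mode": ok}


# Constructed sample payloads (not from a real capture).
TLS_CLIENT_HELLO = bytes.fromhex("1603010200") + b"\x01" * 16
TLS_APP_DATA = bytes.fromhex("1703030020") + b"\x00" * 32
HTTP_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: backend.example\r\n\r\n"
HTTP_RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    print(check_backend_leg("passive_decryption", [TLS_CLIENT_HELLO, TLS_APP_DATA]))
    print(check_backend_leg("termination", [HTTP_REQUEST, HTTP_RESPONSE]))
    print(check_backend_leg("termination", [TLS_CLIENT_HELLO]))  # mode mismatch
```

A result with `matches_mode` false in Termination mode means the backend leg is still encrypted, so the “Re-encrypt SSL” / "Use SSL Backend" setting should be rechecked.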
