
[ScreenOS] Unable to get HTTPS access to ScreenOS firewall


Article ID: KB33320; KB Last Updated: 11 Nov 2018; Version: 1.0
Summary:

When users try to access the ScreenOS firewall over HTTPS, the connection fails and the web browser displays an error message.

This article explains the reason for the error message and provides a solution for the failed connection.

Symptoms:

While trying to get HTTPS access to the ScreenOS firewall, the browser displays the following message:

 

 

Cause:

Over the years, newer ciphers have been created that are more resistant to attacks than the older RC4/DES ciphers. In fact, a majority of browsers have stopped supporting the insecure RC4/DES ciphers.

If the ScreenOS firewall is configured to use SSL with an RC4/DES cipher, the browser cannot establish a secure connection, and the HTTPS connection fails due to a cipher mismatch.

Solution:

Change the SSL cipher to 3DES.

Using the Command Line Interface (CLI)

set ssl encrypt 3des sha-1

Using the WebUI

  1. Navigate to Configuration > Admin > Management > Cipher.

  2. Select 3DES_SHA1 from the drop-down list.

 

 

Verify the changes by using the following command:

get ssl

web SSL enable.
SSL SSLv3 enable.
SSL client scsv disable.
web SSL port number(443).
web SSL cert: Default - System Self-Signed Cert.
web SSL cipher(3DES_SHA-1).   
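
To run the same verification across several firewalls, the saved `get ssl` output can be parsed and any device still on an RC4/DES cipher flagged. The script below is an added example, not Juniper code; the device names and the RC4_MD5 cipher string in the second sample are constructed assumptions, and only the 3DES_SHA-1 output comes from this article.

```python
import re

# Line formats follow the `get ssl` output shown in this article.
FIELDS = {
    "web_ssl": re.compile(r"^web SSL (enable|disable)\.", re.M),
    "port": re.compile(r"^web SSL port number\((\d+)\)\.", re.M),
    "cipher": re.compile(r"^web SSL cipher\(([^)]+)\)\.", re.M),
}

def parse_get_ssl(text):
    """Return the web SSL state, port and cipher from `get ssl` output."""
    found = {}
    for name, pattern in FIELDS.items():
        match = pattern.search(text)
        found[name] = match.group(1) if match else None
    return found

def cipher_needs_change(cipher):
    """True for RC4- or DES-based ciphers; 3DES is not flagged."""
    if not cipher:
        return False
    algorithm = cipher.split("_", 1)[0].upper()
    return algorithm.startswith("RC4") or algorithm == "DES"

def audit(outputs):
    """Map of device name -> `get ssl` text; returns devices to reconfigure."""
    flagged = []
    for device, text in sorted(outputs.items()):
        state = parse_get_ssl(text)
        if state["web_ssl"] == "enable" and cipher_needs_change(state["cipher"]):
            flagged.append(device)
    return flagged

# Output as shown in the article, after the change to 3DES.
FIXED = """web SSL enable.
SSL SSLv3 enable.
SSL client scsv disable.
web SSL port number(443).
web SSL cert: Default - System Self-Signed Cert.
web SSL cipher(3DES_SHA-1).
"""
# Constructed sample: the RC4_MD5 cipher string is an assumption.
LEGACY = FIXED.replace("3DES_SHA-1", "RC4_MD5")

if __name__ == "__main__":
    # Hypothetical device names, for illustration only.
    for name in audit({"fw-hq": FIXED, "fw-branch": LEGACY}):
        print(f"{name}: run 'set ssl encrypt 3des sha-1'")
```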

 
