Knowledge Search


×
 

[SRX] HTTPS access fails with "ERR_SSL_SERVER_CERT_BAD_FORMAT" error

  [KB35246] Show Article Properties


Summary:

This article explains what users must do when they encounter the ERR_SSL_SERVER_CERT_BAD_FORMAT error during HTTPS access after enabling SSL Proxy on SRX devices.

Symptoms:

After enabling SSL Proxy, when users access the device using HTTPS, they run into the ERR_SSL_SERVER_CERT_BAD_FORMAT error.

Cause:

The above error is caused by the self-signed certificate missing the add-ca-constraint option, which specifies that the certificate can be used to sign other certificates.

Solution:

To resolve this error, configure the following option when you create a self-signed certificate for SSL Proxy.

request security pki local-certificate generate-self-signed certificate-id SECURITY-cert domain-name labs.abc.net subject DC=mydomain.net,L=Sunnyvale,O=Mydomain,OU=LAB,CN=SECURITY email lab@labs.abc.net add-ca-constraint

For details on how to configure SSL Proxy, refer to Configuring SSL Proxy.

Related Links: