Knowledge Search


[SRX] HTTPS access fails with "ERR_SSL_SERVER_CERT_BAD_FORMAT" error

  [KB35246] Show Article Properties


This article explains what users must do when they encounter the ERR_SSL_SERVER_CERT_BAD_FORMAT error during HTTPS access after enabling SSL Proxy on SRX devices.


After enabling SSL Proxy, when users access the device using HTTPS, they run into the ERR_SSL_SERVER_CERT_BAD_FORMAT error.


The above error is caused by the self-signed certificate missing the add-ca-constraint option, which specifies that the certificate can be used to sign other certificates.


To resolve this error, configure the following option when you create a self-signed certificate for SSL Proxy.

request security pki local-certificate generate-self-signed certificate-id SECURITY-cert domain-name subject,L=Sunnyvale,O=Mydomain,OU=LAB,CN=SECURITY email add-ca-constraint

For details on how to configure SSL Proxy, refer to Configuring SSL Proxy.

Related Links: