Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...



status

show services ssl proxy status


Code Block
titlestatus
jcluser@JCL-NGFW-30> show services ssl proxy status  
PIC:fpc0 fpc[0] pic[0] ------
        One-Crypto       :  Enable
        Async Crypto     :  disable
Proxy-activation :  Only if interested svcs configured
        Local Logging    :  disable
SSLFP-PKID Link  :  UP
Certificate cache : -
Certificate Cache activated                : yes
Invalidate certificate cache on CRL update : Disabled
Max cert cache nodes  :       4000
Cert cache node in use :          6
Session cache : -
Session cache activated : Activated
Max session cache node  :      19660
Session cache node in use     :         33


statistics

show services ssl proxy statistics


Code Block
titlestatistics
collapsetrue
jcluser@JCL-NGFW-30> show services ssl proxy statistics     
PIC:fpc0 fpc[0] pic[0] ------
        sessions matched                                1031
        sessions bypassed:non-ssl                          0
        sessions bypassed:mem overflow                     0
        sessions bypassed:low memory                       0
        sessions created                                1031
        sessions ignored                                  92
        sessions active                                    6
        sessions dropped                                 160
        sessions whitelisted                               0
        whitelisted url category match                     0
        default profile hit                                0
        session dropped no default profile                 0
        policy hit no profile configured                   0


counters

show services ssl proxy counters all


Code Block
titlecounters
collapsetrue
jcluser@JCL-NGFW-30> show services ssl proxy counters all 
Lsys Name : root-logical-system

PIC:fpc0 fpc[0] pic[0] ------

session create failed                 0
non SSL sessions recieved             130
Memory failures                       0
session dropped                       1273
sessions matched                      7474
sessions created                      7474
sessions destroyed                    7474
sessions ignored                      130
sessions ignored : backup only        0
sessions whitelisted : IP based       0
sessions whitelisted : url based      0
crl : data added                      152
crl : certificate revoked             0
crl : no crl info present             119
crl : no CA certificate               643
SSL sessions                          7293
SMTP over STARTTLS                    0
IMAP over STARTTLS                    0
POP3 over STARTTLS                    0
SMTP  sessions                        0
IMAP  sessions                        0
POP3  sessions                        0
Server not supporting STARTTLS        0
Client not supporting STARTTLS        0
Unified policy : default profile hit  0
Unified policy : no default profile   0






Certificateshttps://www.juniper.net/documentation/en_US/junos/topics/task/troubleshooting/security-ssl-proxy-troubleshooting.html

show services ssl certificate brief certificate-id ssl-fp2

Code Block
titlecertificates
collapsetrue
           
jcluser@JCL-NGFW-30> show services ssl certificate brief certificate-id ssl-fp2 


Lsys Name : root-logical-system

PIC:fpc0 fpc[0] pic[0] ------

CertID                : ssl-fp2
Certificate Type      : LOCAL-CERT
Issuer                : /C=US/ST=CA/L=Sunnyvale/O=Juniper POC/OU=LAB/CN=SRX POC/emailAddress=admi
n@jnpr.net
Subject               : /C=US/ST=CA/L=Sunnyvale/O=Juniper POC/OU=LAB/CN=SRX POC/emailAddress=admi
n@jnpr.net
Validity :
    Not before        : Tue 07/21/2015 12:49:35 AM
    Not after         : Mon 07/16/2035 12:49:35 AM
Public Key algorithm  : rsaEncryption



show services ssl certificate detail certificate-id ssl-fp2


Code Block
titledetails
collapsetrue
jcluser@JCL-NGFW-30> show services ssl certificate detail certificate-id ssl-fp2 


Lsys Name : root-logical-system

PIC:fpc0 fpc[0] pic[0] ------

CertID                : ssl-fp2
Certificate Type      : LOCAL-CERT
cert modify time      : Fri 06/28/2019 02:13:17 PM
key modify time       : Fri 06/28/2019 02:13:17 PM
certificate version   : 3
serial number         : e2 b9 52 41 26 46 c2 90 
Issuer                : /C=US/ST=CA/L=Sunnyvale/O=Juniper POC/OU=LAB/CN=SRX POC/emailAddress=admi
n@jnpr.net
Subject               : /C=US/ST=CA/L=Sunnyvale/O=Juniper POC/OU=LAB/CN=SRX POC/emailAddress=admi
n@jnpr.net
Validity :
    Not before        : Tue 07/21/2015 12:49:35 AM
    Not after         : Mon 07/16/2035 12:49:35 AM
Public Key algorithm  : rsaEncryption
Signature Algorithm   : sha256WithRSAEncryption




...