Skip to end of metadata
Go to start of metadata
You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 7
Next »
|
|
---|
status | show services ssl proxy status
jcluser@JCL-NGFW-30> show services ssl proxy status
PIC:fpc0 fpc[0] pic[0] ------
One-Crypto : Enable
Async Crypto : disable
Proxy-activation : Only if interested svcs configured
Local Logging : disable
SSLFP-PKID Link : UP
Certificate cache : -
Certificate Cache activated : yes
Invalidate certificate cache on CRL update : Disabled
Max cert cache nodes : 4000
Cert cache node in use : 6
Session cache : -
Session cache activated : Activated
Max session cache node : 19660
Session cache node in use : 33
|
statistics | show services ssl proxy statistics
jcluser@JCL-NGFW-30> show services ssl proxy statistics
PIC:fpc0 fpc[0] pic[0] ------
sessions matched 1031
sessions bypassed:non-ssl 0
sessions bypassed:mem overflow 0
sessions bypassed:low memory 0
sessions created 1031
sessions ignored 92
sessions active 6
sessions dropped 160
sessions whitelisted 0
whitelisted url category match 0
default profile hit 0
session dropped no default profile 0
policy hit no profile configured 0
|
counters | show services ssl proxy counters all
jcluser@JCL-NGFW-30> show services ssl proxy counters all
Lsys Name : root-logical-system
PIC:fpc0 fpc[0] pic[0] ------
session create failed 0
non SSL sessions recieved 130
Memory failures 0
session dropped 1273
sessions matched 7474
sessions created 7474
sessions destroyed 7474
sessions ignored 130
sessions ignored : backup only 0
sessions whitelisted : IP based 0
sessions whitelisted : url based 0
crl : data added 152
crl : certificate revoked 0
crl : no crl info present 119
crl : no CA certificate 643
SSL sessions 7293
SMTP over STARTTLS 0
IMAP over STARTTLS 0
POP3 over STARTTLS 0
SMTP sessions 0
IMAP sessions 0
POP3 sessions 0
Server not supporting STARTTLS 0
Client not supporting STARTTLS 0
Unified policy : default profile hit 0
Unified policy : no default profile 0
|
| show services ssl proxy session-cache
|
| show services ssl proxy session-cache statistics
|
| show services ssl proxy session-cache entries
|
| show services ssl proxy session-cache entries summary |
|
|
|
|
Certificates | https://www.juniper.net/documentation/en_US/junos/topics/task/troubleshooting/security-ssl-proxy-troubleshooting.html |
---|
| show services ssl certificate brief certificate-id ssl-fp2
jcluser@JCL-NGFW-30> show services ssl certificate brief certificate-id ssl-fp2
Lsys Name : root-logical-system
PIC:fpc0 fpc[0] pic[0] ------
CertID : ssl-fp2
Certificate Type : LOCAL-CERT
Issuer : /C=US/ST=CA/L=Sunnyvale/O=Juniper POC/OU=LAB/CN=SRX POC/emailAddress=admi
n@jnpr.net
Subject : /C=US/ST=CA/L=Sunnyvale/O=Juniper POC/OU=LAB/CN=SRX POC/emailAddress=admi
n@jnpr.net
Validity :
Not before : Tue 07/21/2015 12:49:35 AM
Not after : Mon 07/16/2035 12:49:35 AM
Public Key algorithm : rsaEncryption
show services ssl certificate detail certificate-id ssl-fp2
jcluser@JCL-NGFW-30> show services ssl certificate detail certificate-id ssl-fp2
Lsys Name : root-logical-system
PIC:fpc0 fpc[0] pic[0] ------
CertID : ssl-fp2
Certificate Type : LOCAL-CERT
cert modify time : Fri 06/28/2019 02:13:17 PM
key modify time : Fri 06/28/2019 02:13:17 PM
certificate version : 3
serial number : e2 b9 52 41 26 46 c2 90
Issuer : /C=US/ST=CA/L=Sunnyvale/O=Juniper POC/OU=LAB/CN=SRX POC/emailAddress=admi
n@jnpr.net
Subject : /C=US/ST=CA/L=Sunnyvale/O=Juniper POC/OU=LAB/CN=SRX POC/emailAddress=admi
n@jnpr.net
Validity :
Not before : Tue 07/21/2015 12:49:35 AM
Not after : Mon 07/16/2035 12:49:35 AM
Public Key algorithm : rsaEncryption
Signature Algorithm : sha256WithRSAEncryption
|
|
|