Set up the SSL Preserve Untrusted Issuer feature in SGOS 6.x

Article ID: 166496

Products

Advanced Secure Gateway Software - ASG
ProxySG Software - SGOS

Issue/Introduction

This Knowledge Base article provides an example of how to set up the Preserve Untrusted Issuer feature in SGOS 6.x.

Resolution

The following Content Policy Language (CPL) demonstrates how to set up the Preserve Untrusted Issuer feature in SGOS 6.x:


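; Enable Preserve Untrusted Issuer for intercepted connections
<SSL-Intercept>
    ssl.forward_proxy.preserve_untrusted(yes)

; Intercept HTTPS using the issuer keyring configured for the SSL Forward Proxy
<SSL-Intercept>
    ssl.forward_proxy(https) ssl.forward_proxy.issuer_keyring(default)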

You can also configure the global setting with the following CLI commands:

SG210#config term
SG210#(config)ssl
SG210#(config ssl)proxy preserve-untrusted ?
 disable                      Do not preserve untrusted certificate issuer
 enable                       Preserve untrusted certificate issuer
SG210#(config ssl)proxy preserve-untrusted enable
SG210#(config ssl)exit
SG210#(config)exit
SG210#
 

Notes:

  1. Replace the "default" keyring with the keyring you have configured for your SSL Forward Proxy.
  2. For further information and explanations, please refer to the SGOS 6.3 Administration Guide.
  3. If the default untrusted issuer keyring has expired, create a new untrusted issuer keyring and apply it with the following command:
    • SG210#(config ssl)proxy untrusted-issuer-keyring <new_untrusted_default_keyring-name>