search cancel

Places to Check Where an SSL Profile is Referenced


Article ID: 173259


Updated On:


Advanced Secure Gateway Software - ASG ProxySG Software - SGOS


In order to delete an SSL profile, it must not be referenced. This makes it important to know where SSL profiles are referenced on the proxy. Also, the passive-attack-protection-only profile cannot be deleted or edited, and the keyring it uses expires after two years. While it is not recommended to use this profile in a production environment, it is important to make sure that this profile is not currently in use before the keyring expires. This article lists the places where SSL profiles are referenced.


SSL Profiles are referenced in the following places in the Management Console of the proxy:

Configuration > ADN > General > Device Security > SSL Device Profile
Configuration > SSL > OCSP > OCSP Responder > [Select a Responder] > Edit > Profile
Configuration > SSL > SSLV Offload > Profile (hopefully if this is in use, the appliance keyring is being used)
Configuration > Proxy Settings > IM Proxies > AOL > Inbound SSL Device Protocol
Configuration > Proxy Settings > IM Proxies > AOL > Outbound SSL Device Protocol
Configuration > Authentication > [Windows SSO | Novell SSO | CA eTrust SiteMinder | Oracle COREid] >Agents >SSL Options > SSL Device Protocol
Configuration > Authentication > SAML > SAML Realms > [Select SAML Realm] > Edit > SSL Device Protocol
Configuration > Threat Protection > Malware Scanning > [Select CAS/ProxyAV ICAP Server] > Edit > SSL Device Profile