Places to Check Where an SSL Profile is Referenced

Article ID: 173259

Products

Advanced Secure Gateway Software - ASG
ProxySG Software - SGOS

Issue/Introduction

An SSL profile can be deleted only if it is not referenced anywhere, so it is important to know where SSL profiles are referenced on the proxy. In addition, the passive-attack-protection-only profile cannot be deleted or edited, and the keyring it uses expires after two years. Using this profile in a production environment is not recommended, but it is still important to confirm that it is not currently in use before the keyring expires. This article lists the places where SSL profiles are referenced.

Resolution

SSL profiles are referenced in the following places in the Management Console of the proxy:

Configuration > ADN > General > Device Security > SSL Device Profile
Configuration > SSL > OCSP > OCSP Responder > [Select a Responder] > Edit > Profile
Configuration > SSL > SSLV Offload > Profile (if this is in use, it should ideally be using the appliance keyring)
Configuration > Proxy Settings > IM Proxies > AOL > Inbound SSL Device Protocol
Configuration > Proxy Settings > IM Proxies > AOL > Outbound SSL Device Protocol
Configuration > Authentication > [Windows SSO | Novell SSO | CA eTrust SiteMinder | Oracle COREid] > Agents > SSL Options > SSL Device Protocol
Configuration > Authentication > SAML > SAML Realms > [Select SAML Realm] > Edit > SSL Device Protocol
Configuration > Threat Protection > Malware Scanning > [Select CAS/ProxyAV ICAP Server] > Edit > SSL Device Profile