You are configuring a client-protection SSL proxy profile.
Which statement is correct in this scenario?
You are configuring a client-protection SSL proxy profile.
Which statement is correct in this scenario?
When configuring a client-protection SSL proxy profile, a root certificate authority is used to sign the server certificate that the proxy presents to the client. However, the actual server certificate obtained from the destination server is not used in this configuration, as the proxy needs to intercept and inspect the traffic. Therefore, a server certificate is not used, but a root certificate authority is necessary to establish trust with the client.
Should be A correct
D is the correct answer
D is correct
D is correct
A https://www.juniper.net/documentation/us/en/software/junos/logical-system-security/topics/topic-map/ssp-proxy-lsys.html
You must configure either root-ca (forward proxy -"client profile") or server-certificate (reverse proxy) in an SSL proxy profile. Otherwise, the commit check fails. source : https://www.juniper.net/documentation/us/en/software/junos/logical-system-security/topics/topic-map/ssp-proxy-lsys.html
Answer A: Valid SSL proxy configurations - Client-protection SSL Proxy Root CA configuration required Server certificate NOT required - Server-Protection SSL Policy Root CA configuration NOT required Server certificate configuration required
only D
option D is correct: "A server certificate and a root certificate authority are both used."Here's why:A server certificate is used to present to the client. This certificate is typically signed by the device performing the SSL proxy function. The client sees this certificate instead of the actual server's certificate. The server certificate used in the proxy must be trusted by the client, either directly or through a chain of trust, which involves a Root Certificate Authority (CA).A root certificate authority (CA) is used by the SSL proxy to sign the server certificate that it presents to the client. The Root CA must be trusted by the client for the client to establish a trusted SSL session. In many cases, the Root CA used by the SSL proxy is an internal CA whose root certificate has been distributed to and trusted by client devices within the organization.