Prerequisites For Ssl Connections - Juniper JUNOS OS 10.3 - XML MANAGEMENT PROTOCOL GUIDE 6-30-2010 Manual

Copyright © 2010, Juniper Networks, Inc.

Prerequisites for SSL Connections

To enable a client application to use the SSL protocol to connect to the Junos XML
protocol server, perform the following steps:
Enable the application to access the SSL software.
1.
If the application uses the Junos XML protocol Perl module provided by Juniper
Networks, no action is necessary. As part of the installation procedure for the Perl
module, you install a prerequisites package that includes the necessary SSL software.
For instructions, see "Downloading the Junos XML Protocol Perl Client and
Prerequisites Package" on page 206.
If the application does not use the Junos XML protocol Perl module, obtain the SSL
software and install it on the computer where the application runs. For information
about obtaining and installing the SSL software, see
Satisfy the prerequisites discussed in "Prerequisites for All Access Protocols" on
2.
page 27.
Use one of the following two methods to obtain an authentication certificate in
3.
privacy-enhanced mail (PEM) format:
Request a certificate from a certificate authority; these agencies usually charge a
fee.
Working on the computer where the client application runs, issue the following
openssl command in a standard command shell (not the Junos OS CLI). The
command generates a self-signed certificate and an unencrypted 1024-bit RSA
private key, and writes them to the file called
directory. The command appears here on two lines only for legibility:
% openssl req -x509 -nodes -newkey rsa:1024 \
-keyout certificate-file.pem -out certificate-file.pem
Import the certificate onto the device running Junos OS by including the
4.
statement at the
[edit security certificates]
statement at the
[edit security certificates local certificate-name]
[edit]
user@host# edit security certificates local certificate-name
[edit security certificates local certificate-name]
user@host# set load-key-file URL-or-path
is a name you choose to identify the certificate uniquely (for example,
certificate-name
junos-xml-protocol-ssl-client-hostname
client application runs).
URL-or-path specifies the file that contains the paired certificate and private key (if
you issued the
openssl
either the URL to its location on the client computer or a pathname on the local disk
(if you have already used another method to copy the certificate file to the device's
local disk). For more information about specifying URLs and pathnames, see the
Junos CLI User Guide.
Chapter 3: Controlling the Junos XML Management Protocol Session
certificate-file.pem
hierarchy level and the
, where
hostname
command in Step 3, the
certificate-name.pem
.
http://www.openssl.org/
in the working
local
load-key-file
hierarchy level.
is the computer where the
file). Specify
35