Public Key Format; Configuring Digital Certificates Using The Offline Method - Juniper JUNOSE 11.0.X IP SERVICES Configuration Manual

For e series broadband services routers - ip services configuration

For instructions on setting up peer public keys without a digital certificate, see
"Configuring Peer Public Keys Without Digital Certificates" on page 232.

Public Key Format

RSA encryption and authentication require the use of a public key on both the ERX
router and on the remote peer with which the router seeks to establish IKE SAs.
The length of the public key can be 1024 bits or 2048 bits, and the format conforms
to the RSA standard defined in RFC 3447 Public-Key Cryptography Standards (PKCS)
#1: RSA Cryptography Specifications Version 2.1 (February 2003).
The public key consists of three components:

- Abstract Syntax Notation 1 (ASN.1) header information
- RSA public key modulus
- RSA public key exponent

In the following example of a 1024-bit public key, the first portion of the key (shown
in bold typeface) represents the ASN.1 header information. The second portion of
the key (shown in regular typeface) represents the RSA public key modulus. The third
portion of the key (shown in bold typeface) represents the RSA public key exponent.

30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00A7E43C
3E2D399F 34EF6E16 F84464A9 8A145997 CC7F34C8 3DFF8216 57780FE9 D5CE2717
86239050 7A331044 EBA90120 EC13A78D C1B24285 333A9193 D94A59C8 492D8CB9
A46403A4 37461E00 768CF45C 580211AC 72793764 51E3AB3C F9A6665E 562E3681
F120405E 30235690 6FC093AA EB0FE956 51C38EE1 54D81E40 7687C387 07020301
0001

For more information about the format of an RSA public key and about ASN.1 syntax,
see RFC 3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography
Specifications Version 2.1 (February 2003).

Configuring Digital Certificates Using the Offline Method

To use the offline method to set up digital certificates on the router:

1. Generate RSA key pairs.

host1(config)#ipsec key generate rsa 2048
Please wait.................................................
..........................
IPsec Generate Keys complete

2. In your IKE policy, set the authentication method to RSA signatures.

host1(config)#ipsec ike-policy-rule 1
host1(config-ike-policy)#authentication rsa-sig
host1(config-ike-policy)#exit
host1(config)#
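
The three-part layout described under Public Key Format can be checked by decoding the example key's ASN.1 (DER) structure before a peer key is trusted. The Python below is an added example, not taken from the Juniper manual; the function names are illustrative, and it assumes the header is every byte that precedes the modulus value.

```python
# Added example: split a key in the format above into header, modulus, exponent.
KEY_HEX = """
30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00A7E43C
3E2D399F 34EF6E16 F84464A9 8A145997 CC7F34C8 3DFF8216 57780FE9 D5CE2717
86239050 7A331044 EBA90120 EC13A78D C1B24285 333A9193 D94A59C8 492D8CB9
A46403A4 37461E00 768CF45C 580211AC 72793764 51E3AB3C F9A6665E 562E3681
F120405E 30235690 6FC093AA EB0FE956 51C38EE1 54D81E40 7687C387 07020301
0001
"""  # the 1024-bit example key from this page
RSA_OID = bytes.fromhex("2A864886F70D010101")  # rsaEncryption, 1.2.840.113549.1.1.1


def read_tlv(buf, pos, tag):
    """Return (start, end) of the value of the DER element at pos."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02X} at offset {pos}")
    length, start = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    if start + length > len(buf):
        raise ValueError("element runs past end of input (truncated paste?)")
    return start, start + length


def parse_public_key(hex_text):
    der = bytes.fromhex("".join(hex_text.split()))
    seq_s, seq_e = read_tlv(der, 0, 0x30)        # outer SEQUENCE
    if seq_e != len(der):
        raise ValueError("trailing bytes after key")
    alg_s, alg_e = read_tlv(der, seq_s, 0x30)    # algorithm identifier
    oid_s, oid_e = read_tlv(der, alg_s, 0x06)
    if der[oid_s:oid_e] != RSA_OID:
        raise ValueError("algorithm is not rsaEncryption")
    bit_s, _ = read_tlv(der, alg_e, 0x03)        # BIT STRING wrapping the key
    key_s, _ = read_tlv(der, bit_s + 1, 0x30)    # skip the unused-bits byte
    mod_s, mod_e = read_tlv(der, key_s, 0x02)    # INTEGER: modulus
    exp_s, exp_e = read_tlv(der, mod_e, 0x02)    # INTEGER: public exponent
    modulus = int.from_bytes(der[mod_s:mod_e], "big")
    bits = modulus.bit_length()
    if bits not in (1024, 2048):                 # key lengths the manual lists
        raise ValueError(f"unexpected modulus length: {bits} bits")
    return {"header": der[:mod_s].hex().upper(), "bits": bits, "modulus": modulus,
            "exponent": int.from_bytes(der[exp_s:exp_e], "big")}


if __name__ == "__main__":
    key = parse_public_key(KEY_HEX)
    print(key["header"], key["bits"], key["exponent"])
```

A key pasted with a missing or extra group fails the length checks instead of being accepted with a silently different modulus.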
Chapter 8: Configuring Digital Certificates
221

This manual is also suitable for:

Junose 11.0.x