Table of Contents
Advertisement
JUNOSe 11.0.x IP Services Configuration Guide
NOTE: For more information about setting up IKE policies, see "Defining an IKE
Policy" on page 156 in "Configuring IPSec" on page 125.
3.
4.
5.
6.
7.
8.
9.
authentication
222
Configuring Digital Certificates Using the Offline Method
Enter IPSec Identity Configuration mode.
host1(config)#ipsec identity
host1(config-ipsec-identity)#
Specify the information that the router uses to generate a certificate request.
a. Specify a country name.
host1(config-ipsec-identity)#country CA
b. Specify a common name.
host1(config-ipsec-identity)#common-name Jim
c.
Specify a domain name.
host1(config-ipsec-identity)#domain-name myerx.kanata.junipernetworks.com
d. Specify an organization.
host1(config-ipsec-identity)#organization juniperNetworks
host1(config-ipsec-identity)#exit
host1(config)#
Generate a certificate request using certificate parameters from the IPSec identity
configuration.
host1(config)#ipsec certificate-request generate rsa myrequest.crq
After the certificate request is generated, you need to copy the file from the
router and send it to the CA. Typically, you copy the file and paste it to a CA's
Web page.
When you receive the certificate from the CA, copy the certificate to the router,
and then inform the router that the new certificate exists.
host1(config)#ipsec certificate-database refresh
(Optional) Set the sensitivity of how the router handles CRLs.
host1(config)#ipsec crl ignored
(Optional) To delete RSA key pairs, use the ipsec key zeroize command.
host1(config)#ipsec key zeroize rsa
Advertisement
Table of Contents
