Juniper JUNOSE 11.2.X IP SERVICES Configuration Manual page 253

For E Series Broadband Services Routers - IP Services Configuration

key-string
Copyright © 2010, Juniper Networks, Inc.
The FQDN and user FQDN identifiers are case-sensitive.
To ensure that the public key is associated with the correct remote peer, the router
requires an exact match for the identifier string. For example, a public key for user FQDN
mjones@sales.company_abc.com does not match a public key for FQDN
sales.company_abc.com.
From IPSec Peer Public Key Configuration mode, use the key-string command to enter
the peer public key data. For information about how to use this command, see
"key-string" on page 227.
Example 1—Enables you to configure the public key for a remote peer with IP address
192.168.50.10
host1(config)#ipsec key pubkey-chain rsa address 192.168.50.10
host1(config-peer-public-key)#
Example 2—Enables you to configure the public key for a remote peer with the FQDN
sales.company_xyz.com
host1(config)#ipsec key pubkey-chain rsa name sales.company_xyz.com
host1(config-peer-public-key)#
Example 3—Enables you to configure the public key for a remote peer with the FQDN
tsmith@sales.company_xyz.com
host1(config)#ipsec key pubkey-chain rsa name tsmith@sales.company_xyz.com
host1(config-peer-public-key)#
Use the no version to remove the peer public key from the router.
See ipsec key pubkey-chain rsa.
Use the key-string command to manually enter a 1024-bit or 2048-bit public key for a
remote peer with which you want to establish IKE SAs.
The key string represents the public key hexadecimal data that includes the ASN.1
object identifier and sequence tags for RSA encryption.
Enter an alphanumeric key string with a maximum of 1999 characters.
You must use the same character (for example, " or x) at the beginning and end of the
string to delimit the key string. The delimiter character is case-sensitive and must not
occur anywhere else in the key string.
For information about the format of an RSA public key, see "Public Key Format" on
page 212.
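The constraints listed above can be checked offline before a key is pasted into the router. The following Python sketch is an added example, not part of the Juniper manual or of JunosE: the names check_key_string and SAMPLE are hypothetical, the sample key is constructed filler rather than a real key, counting whitespace toward the 1999-character limit is an assumption, and the SHA-256 digest is an added convenience for comparing the key with the peer's operator out of band.

```python
import hashlib

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1
# Constructed sample, NOT a real key: the 1024-bit header shown on this page,
# a filler modulus with the top bit set, and public exponent 65537.
SAMPLE = ("30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00"
          + "d3" + "5a" * 126 + "b1" + "02030100 01")

def tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    if buf[pos] != tag:
        raise ValueError(f"expected tag {tag:#x} at offset {pos}, got {buf[pos]:#x}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length: low bits = octet count
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length], pos + length

def check_key_string(text, delimiter='"'):
    """Validate a key-string body; return (modulus_bits, sha256_hex) or raise ValueError."""
    if delimiter in text:                  # case-sensitive, as the manual requires
        raise ValueError("delimiter character occurs inside the key string")
    if len(text) > 1999:                   # assumption: every typed character counts
        raise ValueError("key string exceeds 1999 characters")
    der = bytes.fromhex(text)              # skips whitespace, rejects non-hex input
    spki, end = tlv(der, 0, 0x30)          # outer SEQUENCE
    if end != len(der):
        raise ValueError("trailing data after the key")
    alg, pos = tlv(spki, 0, 0x30)          # algorithm identifier SEQUENCE
    oid, _ = tlv(alg, 0, 0x06)
    if oid != RSA_OID:
        raise ValueError("object identifier is not rsaEncryption")
    bits, _ = tlv(spki, pos, 0x03)         # BIT STRING wrapping the RSA key
    rsa_key, _ = tlv(bits, 1, 0x30)        # skip the unused-bits octet
    modulus, _ = tlv(rsa_key, 0, 0x02)
    size = int.from_bytes(modulus, "big").bit_length()
    if size not in (1024, 2048):
        raise ValueError(f"modulus is {size} bits; expected 1024 or 2048")
    return size, hashlib.sha256(der).hexdigest()

if __name__ == "__main__":
    print(check_key_string(SAMPLE))
```

A key copied only partway, such as a paste that stops at a page break, fails with "truncated DER" because the outer SEQUENCE length no longer matches the data.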
Example 1—Configures the public key for a remote peer with IP address 192.168.50.10,
using " (double quotation marks) as the key string delimiter character
host1(config)#ipsec key pubkey-chain rsa address 192.168.50.10
host1(config-peer-public-key)#key-string "
Enter remainder of text message. End with the character '"'.
30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00d3a447
0b997844 213de4ae 13a2c09b f74051cd d404a187 c5e86867 d525cb6e 571a44f2
92bac7e8 bb282857 fb20357c d94ec241 b651596c 350dd770 6853526b c95e60c1
Chapter 8: Configuring Digital Certificates
227
