1. Manuals
  2. Brands
  3. Juniper Manuals
  4. Software
  5. JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE...
  6. Configuration manual

File Extensions; Certificate Chains; Table 15: Outcome Of Ike Phase 1 Negotiations; Table 16: File Extensions (Offline Configuration) - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 Configuration Manual

Software for e series broadband services routers ip services configuration guide
Hide thumbs
Table of Contents

Advertisement

File Extensions

Certificate Chains

Copyright © 2010, Juniper Networks, Inc.

Table 15: Outcome of IKE Phase 1 Negotiations

Condition
Ignored
CRL OK
Succeed
CRL expired
Succeed
Missing CRL
Succeed
Peer Cert revoked
Succeed
ERX Cert revoked
Succeed
Table 16 on page 211 describes the file extensions that the ERX routers use for digital
certificates that are created by the offline process.
During the online digital certificate process, the certificate files are kept in NVS in hidden
areas and are not visible to users (the files do not appear when you enter a dir shell
command). Use the show commands to display information for the online certificate
files. The router's private keys are similarly hidden from users.

Table 16: File Extensions (Offline Configuration)

File Extension
Description
.crq
Used for certificate request files that are generated on the ERX router and taken
to CAs for obtaining a certificate.
.cer
Used for public certificate files. The public certificates for root CAs and the
router public certificates are copied to the ERX router. They are automatically
recognized as belonging to the ERX router or CA by certificate subject name
and issuer name (in a CA they are the same). The ERX router supports multiple
CAs.
.crl
Used for certificate revocation lists that are obtained offline from CAs and
copied to the ERX router. CRLs indicate which certificates from a particular CA
are revoked.
In a basic CA model, there is a single CA from which the ERX router obtains the root CA
certificates and the router's public key certificates. The E Series router also supports CA
hierarchies, which consist of a top-level root CA and one or more sub-CAs (also called
issuing CAs).
In a CA hierarchy, the router obtains its public key certificates and the CA certificate from
a sub-CA. The sub-CA's certificate is signed by the root CA.
Chapter 8: Configuring Digital Certificates
CRL Setting
Optional
Required
Succeed
Succeed
Succeed
Fail
Succeed
Fail
Fail
Fail
Fail
Fail
211

Advertisement

Table of Contents
loading

Related Manuals for Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01

Related Content for Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01

This manual is also suitable for:

Junose 11.3

Table of Contents