Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 Configuration Manual page 240

JunosE 11.3.x IP Services Configuration Guide
authentication
common-name
214
a. Specify a country name.
host1(config-ipsec-identity)#country CA
b. Specify a common name.
host1(config-ipsec-identity)#common-name Jim
c. Specify a domain name.
host1(config-ipsec-identity)#domain-name myerx.kanata.junipernetworks.com
d. Specify an organization.
host1(config-ipsec-identity)#organization juniperNetworks
host1(config-ipsec-identity)#exit
host1(config)#
Generate a certificate request using certificate parameters from the IPSec identity
5.
configuration.
host1(config)#ipsec certificate-request generate rsa myrequest.crq
After the certificate request is generated, you need to copy the file from the router
6.
and send it to the CA. Typically, you copy the file and paste it to a CA's Web page.
When you receive the certificate from the CA, copy the certificate to the router, and
7.
then inform the router that the new certificate exists.
host1(config)#ipsec certificate-database refresh
(Optional) Set the sensitivity of how the router handles CRLs.
8.
host1(config)#ipsec crl ignored
(Optional) To delete RSA key pairs, use the ipsec key zeroize command.
9.
host1(config)#ipsec key zeroize rsa
Use to specify the authentication method that the router uses. For digital certificates,
the method is set to RSA signature.
Example
host1(config-ike-policy)#authentication rsa-sig
Use the no version to restore the default, preshared keys.
See authentication.
Use to specify a common name used to generate certificate requests.
Example
host1(config-ipsec-identity)#common-name Jim
Use the no version to remove the common name.
See common-name.
Copyright © 2010, Juniper Networks, Inc.