Configuring Peer Public Keys Without Digital Certificates - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 Configuration Manual

JunosE 11.3.x IP Services Configuration Guide
root proxy url

Use to specify an HTTP proxy server that can submit HTTP requests on the E Series
router's behalf to retrieve the root CA certificate. Use this command if your network
has an HTTP proxy server installed between the E Series router and the Internet. Use
the format http://server_ipaddress to specify the URL of the proxy server.
Example
host1(config-ca-identity)#root proxy url http://192.168.5.45
Use the no version to remove the root proxy URL from the configuration.
See root proxy url.

Configuring Peer Public Keys Without Digital Certificates

During IKE negotiations, peers use public keys to authenticate each other's identity
and to ensure that IKE SAs are established with the intended party. Typically, a peer's
public key is delivered in an IKE message carrying an X.509v3 digital certificate, and the
issuing CA vouches for the binding between the key and the peer. As an alternative, you
can configure peer public keys manually, exchanging them out of band, and use them for
RSA signature authentication without obtaining a digital certificate. Because no CA vouches
for a manually configured key, the peer's identity is only as trustworthy as the channel over
which you obtained the key; confirm the key (for example, by comparing a fingerprint with
the peer's administrator) before relying on it.
To configure and exchange peer public keys without obtaining a digital certificate:
1. Generate the RSA key pair on the router. (The 1024-bit key used in this example is
below current minimum recommendations for RSA signature keys; use the largest key
size your platform supports.)
host1(config)#ipsec key generate rsa 1024
Please wait...
IPsec Generate Keys complete
2. In your IKE policy, set the authentication method to RSA signature.
host1(config)#ipsec ike-policy-rule 1
host1(config-ike-policy)#authentication rsa-sig
host1(config-ike-policy)#exit
host1(config)#exit
NOTE: For more information about setting up IKE policies, see "Defining
an IKE Policy" on page 148 in "Configuring IPSec" on page 119.
3. Display the router's public key. This is the value you supply to the peer.
host1#show ipsec key mypubkey rsa
30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00daaa65
8082ac0a ec42e552 10e3489b 37463ed8 9bfa2541 f46a7b30 0e908749 5b652ae5
ae604e9a 81bc3268 270e7f68 69ffd2a8 be268afa 92849fd0 4e8c96be 3eddf1c2
12d9fe7a 68e8507c 99b59ff3 bb0c3942 b0a90c76 3ae3acbb 4a777037 31527ea0
23693bdc e5393c6f 2ef3e7e7 bb1a308e d42ce0ad a095273e d718384c dd020301
0001
For information about the format of an RSA public key, see "Public Key Format" on
page 212.
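The hex block printed by show ipsec key mypubkey rsa is a DER-encoded SubjectPublicKeyInfo structure (an rsaEncryption algorithm identifier followed by a BIT STRING wrapping the RSAPublicKey SEQUENCE of modulus and public exponent). The following Python script is an added example, not Juniper code and not part of this guide: it parses the key exactly as shown on this page, reports the algorithm OID, modulus size and public exponent, and compares a SHA-256 fingerprint of the DER bytes against one received from the peer's administrator. The SHA-256-over-DER fingerprint scheme is an assumption chosen for this example; JunosE does not define one, so both sides simply have to agree on it. The script uses only the Python standard library.

```python
import hashlib
import hmac

# Public key copied verbatim from the "show ipsec key mypubkey rsa" output
# in the section above (Juniper's documentation sample key, 1024-bit RSA).
ROUTER_PUBKEY_HEX = """
30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00daaa65
8082ac0a ec42e552 10e3489b 37463ed8 9bfa2541 f46a7b30 0e908749 5b652ae5
ae604e9a 81bc3268 270e7f68 69ffd2a8 be268afa 92849fd0 4e8c96be 3eddf1c2
12d9fe7a 68e8507c 99b59ff3 bb0c3942 b0a90c76 3ae3acbb 4a777037 31527ea0
23693bdc e5393c6f 2ef3e7e7 bb1a308e d42ce0ad a095273e d718384c dd020301
0001
"""

RSA_ENCRYPTION_OID = "1.2.840.113549.1.1.1"  # PKCS#1 rsaEncryption

SEQUENCE, INTEGER, BIT_STRING, OBJECT_ID = 0x30, 0x02, 0x03, 0x06


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER tag-length-value at buf[pos]."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(raw):
    """Decode DER OID contents (base-128 arcs) into dotted notation."""
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def parse_rsa_public_key(hex_dump):
    """Parse a hex dump of a DER SubjectPublicKeyInfo holding an RSA key."""
    der = bytes.fromhex("".join(hex_dump.split()))
    tag, spki, end = _read_tlv(der, 0)
    if tag != SEQUENCE or end != len(der):
        raise ValueError("expected a single top-level SEQUENCE")
    # AlgorithmIdentifier ::= SEQUENCE { OID, NULL }
    tag, alg, pos = _read_tlv(spki, 0)
    tag_oid, oid_raw, _ = _read_tlv(alg, 0)
    if tag != SEQUENCE or tag_oid != OBJECT_ID:
        raise ValueError("malformed AlgorithmIdentifier")
    oid = _decode_oid(oid_raw)
    if oid != RSA_ENCRYPTION_OID:
        raise ValueError(f"not an RSA key (OID {oid})")
    # subjectPublicKey BIT STRING: first byte is the unused-bit count (0 here)
    tag, bitstr, _ = _read_tlv(spki, pos)
    if tag != BIT_STRING or bitstr[0] != 0:
        raise ValueError("malformed subjectPublicKey BIT STRING")
    # RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }
    tag, rsakey, _ = _read_tlv(bitstr, 1)
    tag_n, n_raw, pos = _read_tlv(rsakey, 0)
    tag_e, e_raw, _ = _read_tlv(rsakey, pos)
    if tag != SEQUENCE or tag_n != INTEGER or tag_e != INTEGER:
        raise ValueError("malformed RSAPublicKey")
    n = int.from_bytes(n_raw, "big")  # leading 0x00 pad is harmless here
    e = int.from_bytes(e_raw, "big")
    return {
        "oid": oid,
        "modulus": n,
        "exponent": e,
        "bits": n.bit_length(),
        "sha256": hashlib.sha256(der).hexdigest(),  # assumed fingerprint scheme
    }


def fingerprint_matches(hex_dump, expected_sha256_hex):
    """Constant-time comparison of the key's fingerprint with one sent out of band."""
    actual = parse_rsa_public_key(hex_dump)["sha256"]
    return hmac.compare_digest(actual, expected_sha256_hex.strip().lower())


if __name__ == "__main__":
    info = parse_rsa_public_key(ROUTER_PUBKEY_HEX)
    print(f"algorithm {info['oid']}, {info['bits']}-bit modulus, e={info['exponent']}")
    print(f"SHA-256 fingerprint: {info['sha256']}")
```

Run it on the output of show ipsec key mypubkey rsa from your own router, read the fingerprint to the peer's administrator over a channel you trust (or have them read theirs to you), and only then configure the key. A bit-length far from what the peer reports, or an unexpected exponent, is a sign the dump was corrupted or substituted in transit.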
Copyright © 2010, Juniper Networks, Inc.
