Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual page 464

Network and Security Manager Administration Guide
CRL. Use a Certificate Revocation List when you want to keep a local copy of the
revoked certificates on the managed device. This method enables the device to
check for revoked certificates quickly; to accept the certificate if no revocation
information is found, also enable Best Effort.
OCSP. Use the Online Certificate Status Protocol when you want the managed
device to access a remote OCSP server to check for revoked certificates. Because
the OCSP server dynamically updates its list of revoked certificates, this method
provides the most up-to-date information; to accept the certificate if no revocation
information is found, also enable Best Effort.
Best Effort. Enable this option to check for revocation but accept the certificate
if no revocation information is found.
CRL Settings—Configure the default setting for the Certificate Revocation List.
  Refresh Frequency. Select how often the device contacts the CA to obtain
  a new CRL: Daily, Weekly, or Monthly.
  LDAP server. Provide the IP address of the external LDAP server that manages the
  CRL.
  URL address. Provide the URL address of your internal LDAP server that provides
  the CRL.
OCSP—Configure the Online Certificate Status Protocol to dynamically check for
revoked certificates.
  Certificate Verification.
  No revoke status check for CA delegated signing cert.
  URL of OCSP Responder. Provide the URL address of the OCSP server.
SCEP—Configure Simple Certificate Enrollment Protocol to get a local certificate
automatically.
  CA CGI. Enter the URL address of the Certificate Authority Certificate Generation
  Information.
  RA CGI. Enter the URL address of the Registration Authority Certificate Generation
  Information that the security device contacts to request a CA certificate.
  CA IDENT. Enter the name of the certificate authority to confirm certificate ownership.
  Challenge. Enter the challenge words sent to you by the CA that confirm the security
  device identity to the CA.
  CA Certificate Authentication. (Auto or Manual)
  Polling Interval. (Poll or Do not poll).
  Certificate Renewal. Define the number of times a certificate can be renewed.
Click OK to complete the CA object.
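
The effect of Best Effort on the CRL method described above, as an added Python model (not Juniper's code and not part of the guide). It assumes an expired local CRL counts as "no revocation information"; all names, dates and serial numbers are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass(frozen=True)
class LocalCrl:
    """Constructed stand-in for the CRL copy kept on the managed device."""
    revoked_serials: frozenset
    next_update: datetime  # assumption: a copy past this time is "no information"

def check_certificate(serial: int, crl: Optional[LocalCrl],
                      now: datetime, best_effort: bool) -> tuple:
    """Return (accepted, reason) for one certificate serial number."""
    if crl is not None and now <= crl.next_update:
        # Revocation information was found: the answer is definitive either way.
        if serial in crl.revoked_serials:
            return (False, "revoked")
        return (True, "not revoked")
    # No usable revocation information: only Best Effort decides the outcome.
    why = "no CRL" if crl is None else "CRL expired"
    if best_effort:
        return (True, "best-effort accept (" + why + ")")
    return (False, "rejected (" + why + ")")

def audit(serials, crl, now, best_effort):
    """List the serials that were accepted without any revocation information."""
    unverified = []
    for serial in serials:
        accepted, reason = check_certificate(serial, crl, now, best_effort)
        if accepted and reason.startswith("best-effort"):
            unverified.append(serial)
    return unverified

# Constructed sample data: serial 0x2A is revoked, 0x10 is not.
NOW = datetime(2010, 6, 1, 12, 0)
FRESH = LocalCrl(frozenset({0x2A}), NOW + timedelta(days=1))
STALE = LocalCrl(frozenset({0x2A}), NOW - timedelta(days=1))

if __name__ == "__main__":
    for label, crl in (("fresh", FRESH), ("stale", STALE), ("missing", None)):
        for best_effort in (False, True):
            for serial in (0x10, 0x2A):
                print(label, best_effort, hex(serial),
                      check_certificate(serial, crl, NOW, best_effort))
```

The list returned by audit() is the set of acceptances worth logging, since none of them was backed by revocation data.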
Copyright © 2010, Juniper Networks, Inc.