Loading Local Certificate Into Nsm Management System - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual


Configuring ScreenOS Devices Guide
Table 67: Certificate Requests (continued)

| Certificate Requests | Your Action |
|---|---|
| Automatically Enroll | Select this option to use SCEP. The device automatically requests, receives, and installs the local certificate and the CA certificate locally. To use SCEP, configure the following defaults: Certificate authority—Select a preconfigured CA or use the default CA settings for the device. E-mail request to—Provide the e-mail address that receives the PKCS#10 file, which defines the syntax for certification requests. |

Click OK to send the request prompt to the device.

A Job Manager window appears to display job information and job progress. When the job is complete, the device public key appears in the Job window.

If you are obtaining the local certificate manually, you need the device public key to give to the CA. Copy and paste the information from the job window to a text file, or leave the job window open while you contact the CA.

If you are using SCEP to obtain a local certificate and a CA certificate, the device automatically sends its public key to the CA directly. When SCEP obtains both the local and CA certificate, the job completes. Close the Job Manager window, and then check the status of certificates: open the device configuration and select VPN Settings > Local Certificates. The certificate status appears as active, indicating that the certificate file has been successfully installed on both the physical device and the management system (you might need to use the Refresh directive to prompt the UI to update the certificate status).

If you are using the self-signed certificate on a device running ScreenOS 5.1 and later, the device automatically creates the certificate. A Job Manager window appears to display job information and job progress. When the job is complete, close the Job Manager window. To view the certificate, open the device configuration and select VPN Settings > Local Certificates. The certificate status appears as active, indicating that the self-signed certificate file has been successfully created and installed on both the physical device and the management system.

Related Documentation

Loading Local Certificate into NSM Management System on page 270
Installing Local Certificates Using SCEP in NSM on page 271
Local Certificate Validation of ScreenOS Devices Overview on page 268

Loading Local Certificate into NSM Management System

For CA-signed local certificates, after you prompt the device to generate the certificate request, the device creates the public/private key pair that is used to create the local certificate and returns the public key to the management system (the private key never leaves the device). During this time, the certificate status is key pair, meaning that a key pair exists but no certificate has been loaded.
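In the manual (non-SCEP) flow, a useful check before loading the CA's reply is to confirm that the issued certificate certifies the same public key the device returned and that it chains to the expected CA. The script below is an added example, not part of the Juniper guide; it assumes the job-window text was saved as a PEM PKCS#10 request, and the file names, function names and the throwaway test CA are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): pre-load check for a CA-signed local
# certificate. Assumes the request saved from the job window is PEM PKCS#10.

# Public key (PEM) carried in a PKCS#10 request / in an X.509 certificate.
req_pubkey()  { openssl req  -in "$1" -noout -pubkey 2>/dev/null; }
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# check_issued_cert REQUEST CERT CA_CERT
# Succeeds only if CERT verifies against CA_CERT and certifies exactly the
# public key the device placed in REQUEST.
check_issued_cert() {
    openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 || {
        echo "FAIL: $2 does not verify against $3"; return 1; }
    want=$(req_pubkey "$1")
    # An unreadable request must not compare equal to an unreadable cert.
    [ -n "$want" ] && [ "$want" = "$(cert_pubkey "$2")" ] || {
        echo "FAIL: $2 does not certify the key in $1"; return 1; }
    echo "OK: $2 matches $1 and chains to $3"
}

# Constructed sample data: a throwaway CA, two key pairs standing in for
# devices ("dev" and "other"), and a certificate issued for dev only.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    for n in dev other; do
        openssl req -new -newkey rsa:2048 -nodes \
            -subj "/CN=$n.example.test" \
            -keyout "$1/$n.key" -out "$1/$n.csr" 2>/dev/null
    done
    openssl x509 -req -in "$1/dev.csr" -days 1 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/dev.crt" 2>/dev/null
}

d=$(mktemp -d)
make_sample "$d"
check_issued_cert "$d/dev.csr"   "$d/dev.crt" "$d/ca.crt"           # OK
check_issued_cert "$d/other.csr" "$d/dev.crt" "$d/ca.crt" || true   # FAIL: wrong key
```

A mismatch means the certificate was issued for a different key pair than the one held on the device, so the device could not use it with its private key.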
Copyright © 2010, Juniper Networks, Inc.
