Installing Local Certificates Using SCEP in NSM - Juniper Network and Security Manager 2010.4 - Configuring ScreenOS Devices Guide Rev 01


Installing Local Certificates Using SCEP in NSM

Copyright © 2010, Juniper Networks, Inc.
After you obtain the local certificate, you must load the certificate into the management
system using the NSM UI, and then install the certificate on the managed device:
For devices running ScreenOS 5.x, you must install a TFTP server on the NSM device
server. The device server automatically uses TFTP to load the certificate onto your
managed devices. For more information about creating a TFTP server on the device
server, see the Network and Security Manager Installation Guide.
For devices running ScreenOS 5.1 and later, the device server automatically uses Secure
Server Protocol (SSP) to load firmware onto your managed devices. SSP is the protocol
used for the management connection between the physical device and the NSM device
server.
After the certificate is installed on the device, the certificate is known as active. To view
the current status of your certificate requests, open the device configuration and select
VPN Settings > Local Certificates:
Before the certificate is fulfilled, the certificate status appears as key pair, indicating a
public/private key pair exists but the certificate file does not yet exist on both the
physical device and the management system.
After the certificate is fulfilled, the certificate status appears as active, indicating that
the certificate file has been successfully installed on both the physical device and the
management system.
NOTE: Any time you need to move information from the physical device
to the management system, you are using a Refresh directive; when you
need to move information from the management system to the physical
device, you are using an Update directive.
Related Documentation:
Installing Local Certificates Using SCEP in NSM
Manual Installation of Local Certificates in NSM
Generating Certificate Requests to ScreenOS Devices (NSM Procedure)
If you used SCEP for automatic enrollment, the device contacts the specified CA and
obtains a local and CA certificate. After the device has installed the certificate, refresh
the NSM device configuration for that device to view the new certificate information:
1. Right-click the device and select Certificates > Refresh Local Certificates. This
directive uses the information about the physical device to refresh the information on
the management system.
2. Double-click the device configuration and then select VPN Settings > Local
Certificates to view the local certificates. The certificate status appears as active,
indicating that the certificate file has been successfully installed on both the physical
device and the management system.
Chapter 8: Configuring VPNs