Installing CA Certificates Using SCEP in NSM - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Installing CA Certificates Using SCEP in NSM

Copyright © 2010, Juniper Networks, Inc.
NOTE: If you are using a self-signed certificate, you do not need to contact
a CA. The self-signed certificate on the device is issued and signed by the
same entity (the device), so the issuer and the subject of the certificate are
the same. However, because this self-signed certificate is not authenticated
by an external, third-party certificate authority, you cannot use it to
authenticate a VPN member in an IKE VPN.
To obtain a CA certificate file (.cer), contact the CA that issued the local certificate, then
use this file to create a certificate authority object. You must install this CA certificate on
the managed device using NSM before you can use the certificate to validate that device in
your VPN. Because the CA certificate is an object, however, you can use the same CA for
multiple devices, as long as those devices use local certificates that were issued by that
CA.
You can also use SCEP to configure the device to automatically obtain a CA certificate
at the same time it receives the local certificate. For details on configuring a certificate
authority object, see "Configuring Certificate Authorities" in the Network and Security
Manager Administration Guide.
Related Documentation:
Installing CA Certificates Using SCEP in NSM on page 273
Manual Installation of CA Certificates in NSM on page 274
Manual Installation of Local Certificates in NSM on page 272
If you used SCEP to obtain a local certificate for the device, the CA certificate was
automatically downloaded and installed on the device at the same time as the local
certificate. However, because the management system does not know about the CA
certificate, you must refresh the CA information:
1. Right-click the device and select Certificates > Refresh CA Certificates. This directive
uses the information about the physical device to refresh the information on the
management system.
2. Open the device configuration to view the CA certificates in VPN Settings > CA
Certificates.
Related Documentation:
Manual Installation of CA Certificates in NSM on page 274
Configuring Certificate Revocation Lists (NSM Procedure) on page 274
Certificate Authority Configuration in NSM Overview on page 272
Chapter 8: Configuring VPNs
273
