Imported Certificates In Nsm Overview - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Related
Documentation

Imported Certificates in NSM Overview

Related
Documentation
Copyright © 2010, Juniper Networks, Inc.
You must manually contact your CA, obtain a CRL, and create a certificate revocation
list object. Then, add the CRL to the device and install it on the device:
Open the device configuration and select VPN Settings > CRLs. Click the Add icon
1.
and add the Certificate Revocation List object. Close the device configuration.
Right-click the device and select Certificates > Update CRL. This directive uses the
2.
information in the management system to update the information on the physical
system. A Job Manager window appears to display job information and job progress.
NOTE: For devices running ScreenOS 5.x, you must install a TFTP server
on the NSM device server. The device sServer automatically uses TFTP
to load the CRL onto your managed devices. For more information about
creating a TFTP server on the device server, see the Network and Security
Manager Installation Guide.
When the job is complete, close the Job Manager window.
3.
For devices running ScreenOS 5.1 and later, the device server automatically uses Secure
Server Protocol (SSP) (the protocol used for the management connection) to load CRLs.
To view CRL, double-click the device configuration and select VPN Settings > CRL.
Imported Certificates in NSM Overview on page 275
Manual Installation of CA Certificates in NSM on page 274
PKI Default Settings Configuration in NSM Overview on page 276
If you imported a security device that already has a local certificate, CA, and CRL, these
objects are automatically imported when you add that device to the NSM system.
Imported objects use the default name of <CN>_<timestamp>.
However, to reuse the CA and CRL objects in other security devices, you must load the
CA and CRL file directly into the management system:
To load a CA file (.cer) into the management system, open the imported CA object in
Object Manager and use the Load Certificate option. After loading the CA, verify the
status of the certificate appears as Loaded.
To load a CRL file (.crl) into the management system, open the imported CRL object
in Object Manager and use the Load CRL option. After loading the CRL, verify the status
of the CRL appears as Loaded.
After the CA certificate and CRL files have been loaded, you can use those CA and CRL
objects in other devices.
PKI Default Settings Configuration in NSM Overview on page 276
Configuring Certificate Revocation Lists (NSM Procedure) on page 274
Chapter 8: Configuring VPNs
275