Configuring Secure Access Devices Guide
Table 47: Secure Access Manual CA Certificate Configuration Details

Settings tab

Option: Subject
Function: Specifies the CA certificate subject name.
Your Action: Enter a subject name for the certificate.

Option: Client certificate status checking
Function: Specifies the method the device uses to verify client certificate status.
Your Action: Select one of the following options:
  None — Specifies that the device should not validate this trusted client certificate.
  Use OCSP (Online Certificate Status Protocol) — Specifies that the device should use the OCSP method, validating the client certificate in real-time, as needed. After you select this option, you can specify options for OCSP.
  Use CRLs (Certificate Revocation Lists) — Specifies that the device should use CRLs to validate the client certificate. After you select this option, you can specify options for CRL.
  Use OCSP with CRL fallback — Specifies that the device should use the OCSP validation method when possible, but attempt to validate client certificates using CRLs should the OCSP method fail (for example, if the link to the OCSP Responder fails). After you select this option, you can specify options for both CRL and OCSP.

Option: Verify Trusted Client CA
Function: Specifies if you want the device to validate the CRL from which the certificate is issued.
Your Action: Select the check box.

Option: Trusted for Client Authentication?
Function: Specifies if you want the device to trust this certificate when authenticating client certificates.
Your Action: Select the check box.
NOTE: If you added this certificate for nonauthentication purposes (such as for SAML signature verification or machine certificate validation), disable this option. This indicates that the device must not trust any client certificate issued by this CA.
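
The following is an added example, not code from the guide or from the device: a small Python model of the four "Client certificate status checking" options that shows which source answers in each mode, and that under "Use OCSP with CRL fallback" a certificate is only as current as the last CRL whenever the responder is unreachable. The serial numbers, function names and the reject-when-undetermined behavior are assumptions made for the illustration.

```python
from enum import Enum

class Mode(Enum):
    NONE = "None"
    OCSP = "Use OCSP"
    CRL = "Use CRLs"
    OCSP_CRL_FALLBACK = "Use OCSP with CRL fallback"

class ResponderUnavailable(Exception):
    """The OCSP responder could not be reached (for example, the link failed)."""

# Constructed sample data. Serial 0x1003 was revoked after the last CRL was
# published, so only the OCSP responder knows about it.
CRL_REVOKED = {0x1001}
OCSP_STATUS = {0x1001: "revoked", 0x1002: "good", 0x1003: "revoked"}

def ocsp_check(serial, responder_up=True):
    if not responder_up:
        raise ResponderUnavailable("no response from OCSP responder")
    return OCSP_STATUS.get(serial, "unknown")

def crl_check(serial):
    return "revoked" if serial in CRL_REVOKED else "good"

def client_cert_status(mode, serial, responder_up=True):
    """Return (status, source) for a client certificate serial under `mode`."""
    if mode is Mode.NONE:
        return ("not checked", "none")
    if mode is Mode.CRL:
        return (crl_check(serial), "crl")
    try:
        # A definitive OCSP answer, including "revoked", never triggers fallback.
        return (ocsp_check(serial, responder_up), "ocsp")
    except ResponderUnavailable:
        if mode is Mode.OCSP_CRL_FALLBACK:
            return (crl_check(serial), "crl")
        return ("undetermined", "ocsp")

def accept(mode, serial, responder_up=True):
    # Assumption for this model: anything other than "good" is rejected once
    # checking is enabled; the guide does not state the device's behavior here.
    status, _ = client_cert_status(mode, serial, responder_up)
    return status in ("good", "not checked")

if __name__ == "__main__":
    for up in (True, False):
        for m in Mode:
            print(f"responder_up={up!s:5} {m.value:28} serial 0x1003 ->",
                  client_cert_status(m, 0x1003, up))
```

In the model, serial 0x1003 is reported revoked while the responder is up and good once the fallback to the CRL is taken, which is why OCSP responder availability and CRL freshness are both worth monitoring when the fallback option is selected.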
Copyright © 2010, Juniper Networks, Inc.