Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    certificate-verification

    Syntax

    certificate-verification [ optional | required | warning ]

    Hierarchy Level

    [edit services unified-access-control]

    Release Information

    Statement introduced in Junos OS Release 12.1.

    Description

    This option determines whether server certificate verification is required when initiating a connection between an SRX Series or J Series device and a Junos Pulse Access Control Service in a UAC configuration. If no CA profile contains the certificate authority (CA) that signed the configured server certificate for the Access Control Service, this option determines whether the commit check should fail, a warning should be displayed, or the connection should be made without any warning.

    By default, an administrator is warned if the CA certificate is not configured in the ca-profile.

    Note: For strict security, this option should be reset to required, and the proper CA certificate should be specified in the CA profile.

    Options

    • optional—Certificate verification is not required. If the CA certificate is not specified in the ca-profile option, the commit check passes and no warning is issued.
    • required—Certificate verification is required. If the CA certificate is not specified in the ca-profile option, an error message is displayed, and the commit check fails. Use this option to ensure strict security.
    • warning—(Default) Certificate verification is not required, however, a warning message is displayed during commit check if the CA certificate is not specified in the ca-profile option.

    Required Privilege Level

    security—To view this statement in the configuration.

    security-control—To add this statement to the configuration.

    Published: 2013-12-09