TechLibrary

Navigation Back up to About Overview

certificate-verification

Syntax

certificate-verification [ optional | required | warning ]

Hierarchy Level

[edit services unified-access-control]

Release Information

Statement introduced in Junos OS Release 12.1.

Description

This option determines whether server certificate verification is required when initiating a connection between an SRX Series or J Series device and a Junos Pulse Access Control Service in a UAC configuration. If no CA profile contains the certificate authority (CA) that signed the configured server certificate for the Access Control Service, this option determines whether the commit check should fail, a warning should be displayed, or the connection should be made without any warning.

By default, an administrator is warned if the CA certificate is not configured in the ca-profile.

Note: For strict security, this option should be reset to required, and the proper CA certificate should be specified in the CA profile.

Options

  • optional—Certificate verification is not required. If the CA certificate is not specified in the ca-profile option, the commit check passes and no warning is issued.
  • required—Certificate verification is required. If the CA certificate is not specified in the ca-profile option, an error message is displayed, and the commit check fails. Use this option to ensure strict security.
  • warning—(Default) Certificate verification is not required, however, a warning message is displayed during commit check if the CA certificate is not specified in the ca-profile option.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Published: 2013-12-09