[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Manually Generating Self-Signed Certificates

You can use the CLI to manually generate a self-signed certificate. For a manually generated self-signed certificate, you specify the distinguished name (DN) when you create it. (For an automatically generated self-signed certificate, the system supplies the DN, identifying itself as the creator.)

Before You Begin

For background information, read:

This topic covers:

J-Web Configuration

To direct the router to use a manually generated self-signed certificate. The following tasks are used to direct the router to use a manually generated self-signed certificate called self-cert for Web management.

  1. Select Configure>CLI Tools>Point and Click CLI.
  2. Next to System, click Configure or Edit.
  3. Next to Services, select the check box and click Configure or Edit.
  4. Next to Web management, click Configure or Edit.
  5. Next to Https, select the check box and click Configure or Edit.
  6. From the Certificate choice list, select Pki local certificate and click OK.
  7. If you are finished configuring the router, commit the configuration.
  8. To check the configuration, see Verifying the Validity of a CertificateVerifying the Validity of a Certificate.

CLI Configuration

Use the following CLI command to manually generate a self-signed certificate created and signed by the user whose e-mail address is mholmes:

user@host# request security pki local-certificate generate-self-signed certificate-id self-cert subject cn=abc domain-name Juniper.net ip-address 1.2.3.4 email mholmes@juniper.net

Use the following CLI command to direct the device to use a manually generated self-signed certificate called self-cert for Web management:

user@host# set system services web-management https pki-local-certificate self-cert

Related Topics

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]