The VPN authentication settings for a tenant are configured when the tenant is onboarded. If PKI Certificate is configured as the authentication type, tenant administrators can modify the PKI settings even after adding sites for the tenant. The changed settings are applicable to all existing sites of the tenant and to sites that the tenant might add later. To change the PKI settings for all sites in the tenant, see Modify PKI Settings for All Sites.
You can perform the following actions on the selected sites:
Change the method of renewing PKI certificates:
Note You can change the renewal method of PKI certificates for sites in a tenant only if you set the certificate renewal method for the tenant to automatic (that is, if you enable the Auto Renew Certificate toggle button).
Do the following:
The VPN Authentication page appears.
A drop-down list appears.
The Edit Certificate Renewal Method page appears asking you to confirm the renewal method.
You are returned to the VPN Authentication page, where a confirmation message appears indicating that the certificate renewal method is updated. The Renewal method column on the VPN Authentication page displays the updated renewal method for the selected sites.
Manually renew certificates:
The VPN Authentication page appears.
The Confirm Renew Certificate page appears.
You are returned to the VPN Authentication page, where a confirmation message appears indicating that a certificate renewal job is triggered.
You can click the job link in the message to view the job details, or view the details on the Jobs (Monitor > Jobs) page.
Note The certificate renewal job is not executed for sites that are down or that do not have connectivity to CSO at the time that the job is triggered.
If the job is completed successfully, a confirmation message appears on the VPN Authentication page.
© 2021 Juniper Networks, Inc. All rights reserved