Help Center User GuideGetting StartedFAQ
 
X
User Guide
Getting Started
FAQ
Contents  

About the VPN Authentication Page

Contrail Service Orchestration (CSO) establishes secure IPsec Virtual Private Network (VPN) tunnels to connect sites after authenticating the tunnel endpoints. CSO authenticates tunnel endpoints by using either preshared keys or Public Key Infrastructure (PKI) certificates.

Service Provider (SP) and Operating Company (OpCo) Administrators can configure the authentication type when the tenant is onboarded.

If PKI certificate is configured as the authentication type, then tenant administrators can modify the PKI settings from the VPN Authentication page (Administration > Certificate Management > VPN Authentication) after the tenant is onboarded.

Note The VPN Authentication page is displayed only for tenants with SD-WAN service that are configured with PKI as the authentication type.

Tasks You Can Perform

Field Descriptions

Table 334 describes the fields on the VPN Authentication page.

Table 334: Fields on the VPN Authentication page

Field

Description

Tenant-Level Settings for PKI Certificates

Certificate Renewal

Current Tenant Setting

Renewal method currently configured for PKI certificates of the tenant.

Next Renew Check Time

  • If the Auto Renew Certificate toggle button on the Edit Tenant Certificate page is enabled, displays the date and time at which the next renewal check is scheduled.

  • If the Auto Renew Certificate toggle button on the Edit Tenant Certificate page is disabled, displays N/A (not applicable).

Next CRL check time

Date and time at which the next CRL check is scheduled.

Last CRL update time

Date and time at which the CRL was last updated.

Details of Certificates

Tenant Name

Name of the tenant.

Common Name

Name of the PKI certificate.

Certificate ID

ID of the PKI certificate.

Serial Number

Serial number of the PKI certificate.

Used In

Name of the site with which the PKI certificate is associated.

Device

Name of the device with which the PKI certificate is associated.

Status

Expiration status of the PKI certificate:

  • If you set the certificate to be renewed automatically, the status displayed depends on the renewal period that you selected from the Edit Certificate Settings for Tenant page.

    For example, if you selected the renewal period as 1 month, the Status field displays Less than 1 month before expiry.

  • If you set the certificate to be manually renewed, the status displayed depends on the expiration notification time for the certificate (Status: Less than 2 weeks before expiry).

  • If the expiration date of the certificate does not meet the expiration notification time yet, the Status field displays .

  • If the certificate has expired, the Status field displays Expired.

Expires on

Date and time at which the PKI certificate expires.

Renewal Method

Renewal method of the PKI certificate:

  • Auto

  • Manual

Related Documentation

Help us to improve. Rate this article.
Feedback Received. Thank You!

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit