Help Center User GuideGetting StartedFAQ
 
X
User Guide
Getting Started
FAQ
Help Center
Show Contents
Help CenterAdministrationManaging Certificates
Contents  
ContentsHide
ContentsHide
DownloadPrint

About the VPN Authentication Page

To access this page, click Administration > Certificate Management > VPN Authentication.

Note The VPN Authentication page is displayed only for tenants with SD-WAN sites that are configured with PKI as the authentication type.

Tasks You Can Perform

Changing the Method of Renewing PKI Certificates for a Tenant

In Customer Portal, the method of renewing PKI certificates for a tenant is configured when the tenant is onboarded.

You, as a tenant administrator, can change the method of renewing PKI certificates for an onboarded tenant from the VPN Authentication page.

Procedure

To change the method of renewing PKI certificates for a tenant:

  1. On the VPN Authentication page, click the Change link.

    The Tenant Certificate Renewal Method page appears.

    Note Certificates will not be renewed for sites that are down or do not have connectivity to CSO at the current time.

  2. By default, the Auto Renew Certificate toggle button is disabled. Click the toggle button to enable the automatic renewal of certificates.

    If you do not enable the automatic renewal of certificates, they must be manually renewed. See Manually Renewing Certificates for Sites for more information.

  3. If you enabled the automatic renewal of certificates, in the Renew Before Expiry field, select the period before the expiry date on which the certificates should be automatically renewed:

    • 3 Days

    • 1 Week

    • 2 Weeks (default)

    • 1 Month

  4. Click OK to save your changes.

    The Confirm Renew Certificate page appears.

  5. Click Yes to confirm your changes.

    A job is created to check the expiration date of certificates for all sites of the tenant. If a certificate is nearing the configured expiry date, the certificate is automatically renewed.

    You are returned to the VPN Authentication page where a confirmation message appears.

Changing the Method of Renewing PKI Certificates for Sites

Note If the certificate renewal method for a tenant is manual, the renewal method for certificates used by sites belonging to that tenant cannot be changed to automatic. You can change the renewal method of a PKI certificate belonging to a site only if the certificate renewal method for the tenant is automatic.

Procedure

To change the renewal method of certificates for one or more sites:

  1. On the VPN Authentication page, select one or more sites from the list of available sites and click Change Renewal Method.

    A drop-down list appears.

  2. From the list, choose the renewal method (Set Auto Renew or Set Manual Renew).

    The Edit Certificate Renew Method page appears.

  3. Click Yes to change the renewal method.

    • If you set the renewal method as automatic, a job is created to check the expiration date of certificates for the selected sites. If a certificate is nearing the configured expiry date, the certificate is automatically renewed.

    • If you set the renewal method as manual, certificates must be manually renewed. See Manually Renewing Certificates for Sites for more information.

    You are returned to the VPN Authentication page, where a confirmation message appears.

Updating the CRL URL of Certificates

CSO obtains the latest list of certificates revoked by the Certificate Authority (CA), from the CRL (Certificate Revocation List) server, when you update the CRL URL of certificates.

Procedure

To update the CRL URL of certificates:

  1. On the VPN Authentication page, click Update CRL URL.

    The Edit Tenant Certificate CRL page appears.

  2. In the CRL Server field, update the CRL URL.
  3. Click OK.

    A job is created to download the latest CRL.

    You are returned to the VPN Authentication page, where a confirmation message appears.

Change the CA Server URL and Password

You, as an SP administrator or OpCo administrator, specify the CA Server URL and password on the Administration Portal during tenant onboarding.

Procedure

To change the CA Server URL and password for the tenant from the Customer Portal:

  1. On the VPN Authentication page, click the Change link.

    The Tenant Certificate Renewal Method page appears.

  2. Specify the updated CA Server URL and Password in the CA Server URL and Password fields, respectively.
  3. Click OK to save your changes.

    The Confirm Renew Certificate page appears.

  4. Click Yes to confirm your changes.

    A confirmation message appears on the VPN Authentication page and the CA server URL and password are updated for all sites of the tenant.

Manually Renewing Certificates for Sites

Procedure

To manually renew certificates for one or more sites:

  1. On the VPN Authentication page, select one or more sites from the list of available sites and click Renew Certificate.

    The Confirm Renew Certificate page appears.

  2. Click Yes to manually renew the certificates.

    A certificate renewal job is triggered and a confirmation message appears on the VPN Authentication page.

Field Descriptions

Table 340 provides information about tenant-level settings for a PKI certificate, on the VPN Authentication page.

Table 340: Tenant-level settings on the VPN Authentication page

Field

Description

Certificate Renewal

Current Tenant Setting

Renewal method currently configured for PKI certificates of the tenant.

Next Renew Check Time

  • If the Auto Renew Certificate toggle button on the VPN Authentication page is enabled, displays the date and time at which the next renewal check is scheduled.

    CSO updates the date and time for renewal every 24 hours.

  • If the Auto Renew Certificate toggle button on the VPN Authentication page is disabled, displays N/A (not applicable).

Next CRL check time

Date and time at which the next CRL check is scheduled.

Last CRL update time

Date and time at which the CRL was last updated.

Table 341 displays details of the certificates on the VPN Authentication page.

Table 341: Details of certificates on the VPN Authentication page

Field

Description

Certificate ID

ID of the PKI certificate.

Used In

Name of the site with which the PKI certificate is associated.

Device

Name of the device with which the PKI certificate is associated.

Status

Displays the expiration status of the PKI certificate.

  • If the Auto Renew Certificate toggle button on the VPN Authentication page is enabled, the value in the Status field depends on the renewal period that you selected.

  • If the Auto Renew Certificate toggle button on the VPN Authentication page is disabled, the value in the Status field depends on the default expiration notification time for the certificate.

  • If the expiration date of the certificate does not meet the expiration notification time yet, the Status field displays .

  • If the certificate has expired, the Status field displays Expired.

Expires On

Date and time at which the PKI certificate expires.

Renewal Method

Renewal method of the PKI certificate:

  • Auto

  • Manual

Help us to improve. Rate this article.
     
Feedback Received. Thank You!
Previous
Installing and Uninstalling Certificates
Next
Juniper Identity Management Service Overview
Need more help?

Ask questions in TechWiki

Contact Customer Support

Check documentation in TechLibrary

© 2020 Juniper Networks, Inc. All rights reserved

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit