Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Executing the Certificate Request Script

    In order to develop and distribute JET applications, you must install a package signing certificate onto the virtual machine (VM). You do this by executing the certificate request script. This script assists you in creating a signing key and a certificate request for use with JET.

    Caution: Never send your signing key to anyone, including Juniper Networks. The key enables anyone to sign applications that your router will trust. Therefore, it should be treated with the same level of security as the root password for the routers. Once you obtain your signing key, save it in a file outside of the VM.

    Before you can run the certificate request script, you must have the provider prefix, which is a uniquely identifying prefix that represents the name of your organization. This prefix should have been provided to a contact at your organization. If you do not know this prefix, request it before running the jet-certificate-request command. Contact JET Certificate Processing at

    Information the script asks for includes the following data:

    • City, state, and country
    • Your organization and unit
    • Provider prefix

      Obtain from JET Certificate Processing at

    • User string

      This is an additional specification of your choosing. It could be a string specifying the development team or project name. The user string can consist of a lowercase letter followed by one or more lowercase letters or numbers.

    • Deployment scope

      This the string assigned by Juniper to differentiate multiple certificates for the same partner. Leave empty if none was assigned to you.

    • Index number

      This number is known as a certificate generations number. It will be 1 for your initial certificate. When a certificate expires and a new one is requested, this number will be incremented.

    • E-mail address

      We recommend against using a personal e-mail address for the certificate contact.

    To create a signed application, request certificates and copy them as explained in the following procedure. This procedure is optional if you want to create an unsigned application.

    To create a certificate request manually:

    1. In a VM terminal, issue the jet-certificate-request command.

      The script leads you through a series of questions.

    2. Answer the questions, and press Enter after each answer.

      A certificate name is synthesized from this information. The certificate name appears as the stem of the filenames for two files the script creates in the /usr/local/junos-jet/certs directory: filename_key.pem and filename_req.pem.

    3. Save the filename_key.pem file outside the VM.

      Ensure that no one outside of your development organization has access to it. Do not send this file to Juniper Networks.

    4. Send the filename_req.pem file to JET Certificate Processing at

      JET Certificate Processing immediately sends your certificate to you.

    To copy your certificate:

    • Copy the certificate file to the /usr/local/junos-jet/certs directory.

    Modified: 2016-06-08