Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Requesting the Certificate Using the JET IDE

 

In order to develop and distribute JET applications, you must install a package signing certificate onto the virtual machine (VM). You do this by creating a certificate request and sending it to Juniper Networks. When you receive the certificate, you install it in the VM.

Caution

Never send your signing key to anyone, including Juniper Networks. The key enables anyone to sign applications that your router will trust. Therefore, it should be treated with the same level of security as the root password for the routers. Once you obtain your signing key, save it in a file outside of the VM.

Before you can create a certificate request, you must have the provider prefix—a uniquely identifying prefix that represents the name of your organization. This prefix should have been provided to a contact at your organization. If you do not know this prefix, you must request it before running the jet-certificate-request command. Contact JET Certificate Processing at jet-cert@juniper.net.

To create a signed application, request certificates and copy them as explained in the following procedure. This procedure is optional if you want to create an unsigned application.

To create a certificate request using the IDE:

  1. Select Juniper Extension Toolkit > Certificate > Generate Certificate.
  2. Complete the fields in the Generate Certificate Request pane.

    The script prompts for the following data:

    • ISO Code

    • State

    • Municipality

    • Organization Name

    • Organization Provider Prefix

    • User String

      This is an additional specification of your choosing. It could be a string specifying the development team or project name. The user string can consist of a lowercase letter followed by one or more lowercase letters or numbers.

    • Deployment Scope

    • Index number

      This number is known as a certificate generations number. It is 1 for your initial certificate. When a certificate expires and a new one is requested, you must increment the number.

    • E-mail address

      We recommend against using a personal e-mail address for the certificate contact.

  3. Click Browse to select a directory in which to create the cert files.

    This is usually the /usr/local/junos-jet/certs directory.

  4. Click Finish.

To send a certificate request to Juniper Networks:

Note

Alternatively, you can use an existing e-mail server to send e-mail to jet-cert@juniper.net with the certificate request file attached.

  1. Select Juniper Extension Toolkit > Certificate > Request Signing.
  2. Set up local e-mail SMTP server details and your e-mail details.
  3. Fill in the subject of the e-mail.
  4. Attach the certificate request file to the e-mail.
  5. Send the e-mail.

To install a certificate on the VM:

  1. Select Juniper Extension Toolkit > Certificate > Install Certificate.
  2. Navigate to the location where the certificate resides and click Finish.
  3. Check that the certificates foo_key.pem and foo.pem are both in the directory.