Help Center User GuideGetting Started
 
X
User Guide
Getting Started
Contents

Managing Certificate Authority Group

Starting in Junos OS 19.2R1 Release, Certificate Authority Group page is available and you can navigate to this page from Administration > Certificate Management > Certificate Authority Group.

For SSL forward proxy, you need to load trusted CA certificates on your system. By default, Junos OS provides a list of trusted CA certificates that include default certificates used by common browsers. Alternatively, you can define your own list of trusted CA certificates and import them on to your system.

Table 301 provides the details of the fields of the Certificate Authority Group Page

Table 301: Fields on Certificate Authority Group Page

Field

Description

Group Name

Displays a Name for the CA profile group.

CA Profiles

Displays the name of CA profiles.

Used For

Displays whether the CA profile group is used for IPsec VPN or for SSL proxy.

You can perform the following tasks:

Importing a Trusted Certificate Authority Group

Procedure

To import a trusted CA group:

  1. Select Administration > Certificate Management > Certificate Authority Group.
  2. Click Import.

    The Import Trusted CA Group page appears.

  3. Complete the configuration according to the guidelines provided in Table 302.
  4. Click OK to import the CA group.

    You are taken to the Certificate Authority Group page. If the CA group content that you imported is validated successfully, a confirmation message is displayed; if not, an error message is displayed.

    After importing a CA profile group, you can use it when you create a SSL proxy.

Table 302: Fields on the Import Trusted CA Group Page

Field

Action

CA Group Name

Enter the name of a CA group.

File path for CA Group

Click Browse to navigate to the path from where you want to import the CA group.

Note: Only .pem format is supported.

Adding a Certificate Authority Group

Procedure

To add a CA group:

  1. Select Administration > Certificate Management > Certificate Authority Group.
  2. Click the add icon (+).

    The Add CA Group page appears.

  3. Complete the configuration according to the guidelines provided in Table 303.
  4. Click OK to save the changes. If you want to discard your changes, click Cancel instead.

    If you click OK, a new CA group with the provided configuration is created.

    After added a CA group, you can use it for IPSec VPN.

Table 303: Fields on the Add CA Group Page

Field

Action

CA Group Name

Enter an unique CA group name.

CA Profiles

Select a CA profile name from the list in the Available column and then click the right arrow to move it to the Selected column.

Note: You can add up to maximum of 20 CA profiles per trusted CA group.

Editing a Certificate Authority Group

Procedure

To edit a CA group:

  1. Select Administration > Certificate Management > Certificate Authority Group.
  2. Select a CA group.
  3. On the upper right side of the Certificate Authority Group page, click the pencil icon.

    See Table 303 for the options available for editing on the Edit CA Group page.

  4. Click OK

Deleting a Certificate Authority Group

Procedure

To delete a CA group:

  1. Select Administration > Certificate Management > Certificate Authority Group.
  2. Select a CA group.
  3. On the upper right side of the Certificate Authority Group page, click the delete icon to delete.

    A confirmation window appears.

  4. Click Yes to delete.

Search Text in Certificate Authority Group Table

You can use the search icon in the top right corner of a page to search for text containing letters and special characters on that page.

Procedure

To search for text:

  1. Enter partial text or full text of the keyword in the search bar and click the search icon.

    The search results are displayed.

  2. Click X next to a search keyword or click Clear All to clear the search results.

See Also

 
Help us to improve. Rate this article.
Feedback Received. Thank You!

Ask questions in TechWiki

Check documentation in TechLibrary