Starting in Junos OS 19.2R1 Release, Certificate Authority Group page is available and you can navigate to this page from Administration > Certificate Management > Certificate Authority Group.
For SSL forward proxy, you need to load trusted CA certificates on your system. By default, Junos OS provides a list of trusted CA certificates that include default certificates used by common browsers. Alternatively, you can define your own list of trusted CA certificates and import them on to your system.
Table 301 provides the details of the fields of the Certificate Authority Group Page
Table 301: Fields on Certificate Authority Group Page
Field | Description |
|---|---|
Group Name | Displays a Name for the CA profile group. |
CA Profiles | Displays the name of CA profiles. |
Used For | Displays whether the CA profile group is used for IPsec VPN or for SSL proxy. |
You can perform the following tasks:
Import a CA group to manually load the CA group. See Importing a Trusted Certificate Authority Group.
Add a CA group. See Adding a Certificate Authority Group.
Note You can group up to maximum of 20 CA profiles in a single trusted CA group. A minimum of one CA profile is a must to create a trusted CA group.
Edit a CA group. See Editing a Certificate Authority Group.
Delete a CA group. See Deleting a Certificate Authority Group.
Search for text in a CA group table. See Search Text in Certificate Authority Group Table.
Filter the CA group information based on select criteria. To do this, select the filter icon at the top right-hand corner of the table. The columns in the grid change to accept filter options. Type the filter options; the table displays only the data that fits the filtering criteria.
Show or hide columns in the CA group table. To do this, use the Show Hide Columns icon in the top right corner of the page and select the options you want to show or deselect to hide options on the page.
To import a trusted CA group:
The Import Trusted CA Group page appears.
You are taken to the Certificate Authority Group page. If the CA group content that you imported is validated successfully, a confirmation message is displayed; if not, an error message is displayed.
After importing a CA profile group, you can use it when you create a SSL proxy.
Table 302: Fields on the Import Trusted CA Group Page
Field | Action |
|---|---|
CA Group Name | Enter the name of a CA group. |
File path for CA Group | Click Browse to navigate to the path from where you want to import the CA group. Note: Only .pem format is supported. |
To add a CA group:
The Add CA Group page appears.
If you click OK, a new CA group with the provided configuration is created.
After added a CA group, you can use it for IPSec VPN.
Table 303: Fields on the Add CA Group Page
Field | Action |
|---|---|
CA Group Name | Enter an unique CA group name. |
CA Profiles | Select a CA profile name from the list in the Available column and then click the right arrow to move it to the Selected column. Note: You can add up to maximum of 20 CA profiles per trusted CA group. |
To edit a CA group:
See Table 303 for the options available for editing on the Edit CA Group page.
To delete a CA group:
A confirmation window appears.
You can use the search icon in the top right corner of a page to search for text containing letters and special characters on that page.
To search for text:
The search results are displayed.