Help Center User GuideGetting Started
 
X
User Guide
Getting Started
Contents  

Manage Certificate Authority Group

About Certificate Authority Group Page

You are here: Administration > Certificate Management > Trusted Certificate Authority.

Multiple CA profiles can be grouped in one trusted CA group for a given topology. The ca-group can be used either in SSL or IPSec.

SSL forward proxy ensures secure transmission of data between a client and a server. Before establishing a secure connection, SSL forward proxy checks certificate authority (CA) certificates to verify signatures on server certificates. For this reason, a reasonable list of trusted CA certificates is required to effectively authenticate servers.

Table 324 provides the details of the fields of the Certificate Authority Group Page.

Table 324: Fields on Certificate Authority Group Page

Field

Description

Group Name

Displays a Name for the CA profile group.

CA Profiles

Displays the name of CA profiles.

Used For

Displays whether the CA profile group is used for IPsec VPN or for SSL proxy.

You can perform the following tasks:

Import Trusted CA Group

Procedure

To import a trusted CA group:

  1. Select Administration > Certificate Management > Certificate Authority Group.
  2. Click Import.

    The Import Trusted CA Group page appears.

  3. Complete the configuration according to the guidelines provided in Table 325.
  4. Click OK to import the CA group.

    You are taken to the Certificate Authority Group page. If the CA group content that you imported is validated successfully, a confirmation message is displayed; if not, an error message is displayed.

    After importing a CA profile group, you can use it when you create a SSL proxy.

Table 325: Fields on the Import Trusted CA Group Page

Field

Action

CA Group Name

Enter the name of a CA group.

File path for CA Group

Click Browse to navigate to the path from where you want to import the CA group.

Note: Only .pem format is supported.

Add a CA Group

Procedure

To add a CA group:

  1. Select Administration > Certificate Management > Certificate Authority Group.
  2. Click the add icon (+).

    The Add CA Group page appears.

  3. Complete the configuration according to the guidelines provided in Table 326.
  4. Click OK to save the changes. If you want to discard your changes, click Cancel instead.

    If you click OK, a new CA group with the provided configuration is created.

    After added a CA group, you can use it for IPSec VPN.

Table 326: Fields on the Add CA Group Page

Field

Action

CA Group Name

Enter an unique CA group name.

CA Profiles

Select a CA profile name from the list in the Available column and then click the right arrow to move it to the Selected column.

Note: You can add up to maximum of 20 CA profiles per trusted CA group.

Edit a CA Group

Procedure

To edit a CA group:

  1. Select Administration > Certificate Management > Certificate Authority Group.
  2. Select a CA group.
  3. On the upper right side of the Certificate Authority Group page, click the pencil icon.

    See Table 326 for the options available for editing on the Edit CA Group page.

  4. Click OK

Delete CA Group

Procedure

To delete a CA group:

  1. Select Administration > Certificate Management > Certificate Authority Group.
  2. Select a CA group.
  3. On the upper right side of the Certificate Authority Group page, click the delete icon to delete.

    A confirmation window appears.

  4. Click Yes to delete.

Search Text in Certificate Authority Group Table

You can use the search icon in the top right corner of a page to search for text containing letters and special characters on that page.

Procedure

To search for text:

  1. Enter partial text or full text of the keyword in the search bar and click the search icon.

    The search results are displayed.

  2. Click X next to a search keyword or click Clear All to clear the search results.
Help us to improve. Rate this article.
Feedback Received. Thank You!

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit