Configuring TLS on the SAE

Use the following configuration statements to configure TLS on the SAE:

shared sae configuration driver junos security {
need-client-authentication;
certificate-identifier private-key;
}

To configure TLS on the SAE:

  1. From configuration mode, access the configuration statement that configures security for the JUNOS TLS connection. In this sample procedure, the JUNOS driver is configured in the west-region group.
      user@host# edit shared sae group west-region configuration driver junos security
  2. (Optional) Specify whether or not the SAE requests a client certificate from the router when a connection to the router is established.
      [edit shared sae group west-region configuration driver junos security]
      user@host# set need-client-authentication
  3. Specify the name of certificate to be used for TLS communications.
      [edit shared sae group west-region configuration driver junos security]
      user@host# set certificate-identifier private-key
  4. (Optional) Verify your TLS configuration. 
    [edit shared sae group west-region configuration driver junos security]
user@host# show
need-client-authentication;
certificate-identifier privatekey;