[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring a CA Profile

The CA profile contains the name and URL of the CA or RA, as well as some retry timer settings. CA certificates issued by Entrust, VeriSign, and Microsoft are all compatible with J-series, M-series, and T-series routing platforms. To configure the domain name of the CA or RA, include the ca-identity statement at the [edit security pki ca-profile ca-profile-name] hierarchy level. To configure the URL of the CA, include the url statement at the [edit security pki ca-profile ca-profile-name enrollment] hierarchy level. To configure the number of enrollment attempts the routing platform should perform, include the retry statement at the [edit security pki ca-profile ca-profile-name enrollment] hierarchy level. To configure the amount of time the routing platform should wait between enrollment attempts, include the retry-interval statement at the [edit security pki ca-profile ca-profile-name enrollment] hierarchy level.

[edit security pki]
ca-profile ca-profile-name {
ca-identity ca-identity;
enrollment {
url url-name;
retry number-of-enrollment-attempts; # The range is 0 though 100 attempts.
retry-interval seconds; # The range is 0 though 3600 seconds.
}
}
[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.