[Contents] [Prev] [Next] [Index] [Report an Error]

Using Digital Certificates

Digital certificates authenticate your identity when establishing secure virtual private network (VPN) connections.

To use a digital certificate to authenticate your identity when establishing a secure VPN connection, you must first do the following:

Obtain a certificate authority (CA) certificate from which you intend to obtain a personal certificate, and then load the CA certificate in the device.
The CA certificate can contain a certificate revocation list (CRL) to identify invalid certificates.
Obtain a local certificate (also known as a personal certificate) from the CA whose CA certificate you have previously loaded, and then load the local certificate in the device. The local, or end-entity (EE), certificate establishes the identity of the Juniper Networks device with each tunnel connection.

You can obtain CA and local certificates manually, or online using Simple Certificate Enrollment Protocol (SCEP). Certificates are verifiable and renewable, and you can delete them when they are no longer needed.

Before You Begin
For background information, read Understanding Public Key Cryptography Understanding Certificates Understanding Certificate Revocation Lists Understanding Public Key Infrastructure

Before You Begin

For background information, read

This topic covers:

[Contents] [Prev] [Next] [Index] [Report an Error]