Importing SSL Certificates for JUNOScript Support

A JUNOScript client application can use one of four protocols to connect to the JUNOScript server on a router: clear-text (a JUNOScript-specific protocol for sending unencrypted text over a TCP connection), SSH, SSL, or Telnet. For clients to use the SSL protocol, you must copy an X.509 authentication certificate onto the router, as described in this section. (You must also include the xnm-ssl statement at the [edit system services] hierarchy level; for more information, see Configuring SSL Service for JUNOScript Client Applications.)

Note: The xnm-ssl statement does not apply to standard IPSec services.

For detailed information about configuring SSL for JUNOScript clients, see the JUNOScript API Guide.

After obtaining an X.509 authentication certificate and private key, copy them to the router by including the local statement at the [edit security certificates] hierarchy level:

[edit security certificates]
local certificate-name {
    load-key-file (filename | url);
}

certificate-name is a name you choose to identify the certificate uniquely (for example, junoscript-ssl-client-hostname, where hostname is the computer where the client application runs).

filename is the pathname of the file on the local disk that contains the paired certificate and private key (assuming you have already used another method to copy them to the router’s local disk).

url is the URL to the file that contains a paired certificate and private key (for instance, on the computer where the JUNOScript client application runs).

For more information about specifying URLs and pathnames, see the JUNOS CLI User Guide.

Note: The CLI expects the private key in the URL-or-path file to be unencrypted. If the key is encrypted, the CLI prompts you for the passphrase associated with it, decrypts it, and stores the unencrypted version.

The load-key-file statement acts as a directive that copies the contents of the certificate file into the configuration. When you view the configuration, the CLI displays the string of characters that constitute the private key and certificate, marking them as SECRET-DATA. The load-key-file keyword is not recorded in the configuration.
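
Before running load-key-file, you can check on the management workstation that the file really holds one certificate and one private key, and whether the key is encrypted (in which case the CLI prompts for the passphrase). The following Python check is an added example, not part of the JUNOS documentation or software; the function names and the sample PEM blocks are constructed for illustration.

```python
import base64
import re

# One PEM block: BEGIN label, optional legacy "Proc-Type"/"DEK-Info" headers, base64 body.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def inspect_bundle(text):
    """Classify the PEM blocks of a paired certificate/private-key file."""
    report = {"certificates": 0, "private_keys": 0, "encrypted_keys": 0, "problems": []}
    for label, body in PEM_RE.findall(text):
        lines = [ln.strip() for ln in body.strip().splitlines()]
        headers = [ln for ln in lines if ":" in ln]          # ":" never occurs in base64
        payload = "".join(ln for ln in lines if ":" not in ln)
        try:
            base64.b64decode(payload, validate=True)
        except ValueError:
            report["problems"].append(f"{label}: body is not valid base64")
            continue
        if label == "CERTIFICATE":
            report["certificates"] += 1
        elif label.endswith("PRIVATE KEY"):
            report["private_keys"] += 1
            # PKCS#8 marks encryption in the label, legacy OpenSSL PEM in a header.
            if label == "ENCRYPTED PRIVATE KEY" or any(
                    h.startswith("Proc-Type:") and "ENCRYPTED" in h for h in headers):
                report["encrypted_keys"] += 1
    if report["certificates"] == 0:
        report["problems"].append("no certificate found")
    if report["private_keys"] != 1:
        report["problems"].append(f"expected 1 private key, found {report['private_keys']}")
    return report

def _pem(label, data, headers=""):
    """Build a constructed PEM block (placeholder bytes, not real key material)."""
    body = base64.b64encode(data).decode()
    return f"-----BEGIN {label}-----\n{headers}{body}\n-----END {label}-----\n"

# Constructed sample inputs.
CERT = _pem("CERTIFICATE", b"constructed placeholder certificate")
KEY = _pem("PRIVATE KEY", b"constructed placeholder key")
ENC_KEY = _pem("RSA PRIVATE KEY", b"constructed placeholder key",
               "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n")

if __name__ == "__main__":
    for name, bundle in [("paired", CERT + KEY), ("cert only", CERT), ("encrypted", CERT + ENC_KEY)]:
        print(name, inspect_bundle(bundle))
```

The check looks only at PEM structure; it does not verify that the private key corresponds to the certificate.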
