 |
Note: For digital certificates, the JUNOS software supports only VeriSign CAs for the ES PIC. |
The statements for configuring digital certificates differ for the AS and MultiServices PICs and the ES PIC. For more information about how to configure digital certificates for adaptive services interfaces, see Configuring Digital Certificates for Adaptive Services Interfaces.
To define the digital certificate configuration for an encryption service interface, include the following statements at the [edit security certificates] and [edit security ike] hierarchy levels:
- [edit security]
-
certificates {
-
cache-size bytes;
-
cache-timeout-negative seconds;
-
-
certification-authority ca-profile-name {
-
ca-name ca-identity;
-
crl filename;
-
encoding (binary | pem);
-
enrollment-url url-name;
-
file certificate-filename;
-
ldap-url url-name;
- }
-
enrollment-retry attempts ;
-
-
local certificate-filename {
-
certificate-key-string;
- load-key-file key-file-name;
- }
-
maximum-certificates number;
-
path-length certificate-path-length;
- }
-
ike {
-
-
policy ike-peer-address {
-
description policy;
-
encoding (binary | pem);
-
identity identity-name;
-
local-certificate certificate-filename;
-
local-key-pair private-public-key-file;
-
mode (aggressive | main);
-
pre-shared-key (ascii-text key | hexadecimal key);
-
proposals [ proposal-names ];
- }
- }
For information about how to configure the description and mode statements, see Configuring the Description for an IKE Policy and Configuring the Mode for an IKE Policy. For information about how to configure the IKE proposal, see Associating Proposals with an IKE Policy
|
Note: For digital certificates, the JUNOS software supports only VeriSign CAs for the ES PIC. |
To use digital certificates for dynamic SAs, perform the tasks described in the following sections:
 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |