Configuring Secure Connections Between the SAE and Devices Running Junos OS
You can use TLS to protect communication between the SAE and devices running Junos OS.
To complete the TLS handshake, the client (the device running Junos OS) and the server (the SAE) must exchange and verify certificates. You need to create a client certificate and a server certificate. Both certificates must be signed by a certificate authority (CA). Junos OS supports VeriSign, Inc. (http://www.verisign.com). You must then install both certificates on the SAE and on the device running Junos OS.
You can use SRC CLI commands to manage certificates either manually or through the Simple Certificate Enrollment Protocol (SCEP).
Certificates are in the format defined in the X.509 standard for public key infrastructure. Certificate requests are in the Public-Key Cryptography Standards (PKCS) #10 format.
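The checks below are an added example, not part of the SRC documentation, and use OpenSSL rather than the SRC CLI. They show what to verify before installing a certificate on either peer: the request is valid PKCS #10, the issued X.509 certificate chains to the CA, and the certificate matches the private key. The throwaway CA, file names, and subject names are constructed for a lab.

```shell
#!/usr/bin/env bash
# Added example: lab-only PKI. The throwaway CA and the subject names
# below are constructed placeholders, not values from the SRC documentation.
set -eu

make_ca() {    # $1 = directory; creates a self-signed test CA
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Lab CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

make_csr() {   # $1 = directory, $2 = file stem, $3 = subject CN
  # Produces a private key and a PKCS #10 certificate request.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

sign_csr() {   # $1 = directory, $2 = file stem; the CA issues an X.509 certificate
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -out "$1/$2.crt" 2>/dev/null
}

check_cert() { # $1 = directory, $2 = file stem; exit status 0 only if all checks pass
  local cert_pub key_pub
  # 1. The request parses as PKCS #10 and its self-signature verifies.
  openssl req -in "$1/$2.csr" -noout -verify >/dev/null 2>&1 || return 1
  # 2. The issued certificate chains to the CA both peers will trust.
  openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1 || return 1
  # 3. The certificate carries the public half of the private key on disk.
  cert_pub=$(openssl x509 -in "$1/$2.crt" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$1/$2.key" -pubout | openssl sha256)
  [ "$cert_pub" = "$key_pub" ]
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
make_ca "$WORK"
for peer in sae junos; do          # server (SAE) and client (Junos OS device)
  make_csr "$WORK" "$peer" "$peer.lab.example"
  sign_csr "$WORK" "$peer"
  if check_cert "$WORK" "$peer"; then echo "$peer: ready to install"
  else echo "$peer: FAILED pre-install checks"; fi
done
```

A certificate that fails the second or third check would cause the handshake to fail after installation, so it is cheaper to catch it here.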
Tasks to set up the SAE and the device running Junos OS to use TLS are: