Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Configuring Secure Connections Between the SAE and Devices Running Junos OS


You can use TLS to protect communication between the SAE and devices running Junos OS.

To complete the handshaking protocol for the TLS connection, the client (device running Junos OS) and the server (SAE) must exchange and verify certificates. You need to create a client certificate and a server certificate. Both certificates must be signed by a certificate authority (CA). Junos OS supports VeriSign, Inc. ( You must then install both certificates on the SAE and on the device running Junos OS.

You can use SRC CLI commands to manage certificates manually, or through the Simple Certificate Enrollment Protocol (SCEP).

Certificates are in the format defined in the X.509 standard for public key infrastructure. The certificate requests are in the Public Key Cryptology Standard (PKCS) #10 format.

Tasks to set up the SAE and the device running Junos OS to use TLS are:

  1. Adding the Server Certificate on the Device

  2. Creating a Client Certificate for the Router

  3. Adding the Client Certificate on the Router

  4. Configuring the SAE to Use TLS (SRC CLI)

  5. Configuring TLS on the SAE (SRC CLI)