Adding the Server Certificate on the Device
The TLS client (device running Junos OS) needs a copy of the certificate that was used to sign the SAE certificate so that it can verify the SAE certificate. To install the SAE certificate on the device running Junos OS:
- Include the following statements at the [edit security
certificates certificate-authority] hierarchy level.[edit security certificates certificate-authority]security{certificates{certificate-authority SAECert{file /var/db/certs/cert.pem;}}}
- Include the following statements at the [system services
service-deployment] hierarchy level.system{services{service-deployment{servers {server-address port port-number{security-options {tls;}}}}}}