Adding the Server Certificate on the Device

The TLS client (device running Junos OS) needs a copy of the certificate that was used to sign the SAE certificate so that it can verify the SAE certificate. To install the SAE certificate on the device running Junos OS:

  1. Include the following statements at the [edit security certificates certificate-authority] hierarchy level.
    [edit security certificates certificate-authority]
    security{certificates{certificate-authority SAECert{file /var/db/certs/cert.pem;}}}
  2. Include the following statements at the [system services service-deployment] hierarchy level.
    system{services{service-deployment{servers {server-address port port-number{security-options {tls;}}}}}}

Related Documentation