[an error occurred while processing this directive][an error occurred while processing this directive]

Importing SSL Certificates for JUNOScript Support

A JUNOScript client application can use one of four protocols to connect to the JUNOScript server on a router or switch: clear-text (a JUNOScript-specific protocol for sending unencrypted text over a TCP connection), SSH, SSL, or Telnet. For clients to use the SSL protocol, you must copy an X.509 authentication certificate onto the router or switch, as described in this topic. You must also include the xnm-ssl statement at the [edit system services] hierarchy level.

Note: The xnm-ssl statement does not apply to standard IPsec services.

After obtaining an X.509 authentication certificate and private key, copy it to the router or switch by including the local statement at the [edit security certificates] hierarchy level:

[edit security certificates]local certificate-name {load-key-file (filename | url);}

certificate-name is a name you choose to identify the certificate uniquely (for example, junoscript-ssl-client-hostname, where hostname is the computer where the client application runs).

filename is the pathname of the file on the local disk that contains the paired certificate and private key (assuming you have already used another method to copy them to the router’s or switch’s local disk).

url is the URL to the file that contains a paired certificate and private key (for instance, on the computer where the JUNOScript client application runs).

Note: The CLI expects the private key in the URL-or-path file to be unencrypted. If the key is encrypted, the CLI prompts you for the passphrase associated with it, decrypts it, and stores the unencrypted version.

The load-key-file statement acts as a directive that copies the contents of the certificate file into the configuration. When you view the configuration, the CLI displays the string of characters that constitute the private key and certificate, marking them as SECRET-DATA. The load-key-file keyword is not recorded in the configuration.

Published: 2010-04-26

[an error occurred while processing this directive]