Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Public Key Infrastructure (PKI)

  • PKI notifications support for CMPv2 protocol with jsd process (MX480, MX960, MX2010, and MX2020)—Starting in Junos OS Release 24.2R1, your MX Series router sends public key infrastructure (PKI) notification to Juniper Extension Toolkit (JET) services process (jsd) when it performs certificate management using Certificate Management Protocol (CMPv2) protocol to add, update, and clear certificate operations.

    [See Juniper Extension Toolkit Developer Guide.]

  • TPM-based certificate support for advanced anti-malware protection (SRX1600, SRX2300, and SRX4300)—Starting in Junos OS Release 24.2R1, your SRX Series Firewalls use Trusted Platform Module based (TPM-based) certificates for advanced anti-malware (AAMW) protection. To use the TPM-based certificates:

    • The firewall loads the certificate using PKI during the device's start and restart operation. To view the certificate ID, referred as idev-id, use the show security pki node-local local-certificate certificate-id idev-id command.

    • The SSL Initiation uses the certificate for Transport Layer Security (TLS) connection to authenticate the device. You can configure the tpm option using the set services ssl initiation profile profile-name crypto-hardware-offload command.

    [See show security pki node-local local-certificate, and profile (SSL Initiation).]