Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

###Archive### [ScreenOS] DSA/ECDSA keypairs in Certificates are not supported for Web Management

0

0

Article ID: KB15965 KB Last Updated: 18 Mar 2020Version: 3.0
Summary:
The article explains the limitation of the DSA/ECDSA keypair options in the CSR generation page and how they will cause issues in the Web Management via HTTPS.
Symptoms:
A Certificate is installed on the firewall, and this certificate is selected to be used for HTTPS(SSL) connection.  (WebUI:  Admin -> Management; Certificate).

When trying to connect to the firewall using IE, the following error is displayed:

This page can't be displayed
Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to 
https://10.141.222.131 again.  If this error persists, it is possible that this site uses an unsupported
protocol or cipher suite such as RC4 (link for the details), which is not considered secure.  Please
contact your site administrator.



As stated in the error, changed the settings to accept TLS 1.0 (As ScreenOS only supports SSL(1-3) and TLS 1.0) and use 3DES_SHA-1 proposal but still the error remains the same.
 
Solution:
This issue is present if the CSR is generated using either DSA or ECDSA, as these keypair types are only supported for certain type of VPNs and not for Web Management.



If the CSR is generated using RSA, then no error is seen.
Modification History:
2018-12-31: updated title to reflect content; updated screenshot and added relevant articles.
2020-03-11: minor non-technical edits.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search