Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] Is IKEv2 certificate lookup based on URL supported on Netscreen devices?



Article ID: KB30534 KB Last Updated: 24 Sep 2020Version: 2.0

IKEv2 certificate lookup based on URL is not supported on ScreenOS.


According to RFC 4945, a device can support an implementation (HTTP_CERT_LOOKUP_SUPPORTED) where instead of sending a complete certificate in the payload, a hash and URL where the certificate is stored can be sent to the peer.

This is not a mandatory implementation.


ScreenOS devices do not support this feature. We will always send the entire certificate in the payload.

Modification History:
2020-09-23: Article reviewed for accuracy. No changes required. Article is correct and complete.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search