
[SRX] How to load an intermediate CA certificate to an SRX device when connecting to UAC


Article ID: KB30689 | KB Last Updated: 05 Mar 2020 | Version: 3.0

Summary:

This article describes how to load and bind an intermediate CA certificate into SRX devices when trying to connect to a UAC device.

 

Symptoms:

In normal scenarios, only the CA certificate and the local certificate are used for SRX-to-UAC connectivity. However, if an intermediate certificate is involved, the intermediate certificate must also be loaded and bound to the same UAC configuration to bring the connectivity up.

This article describes how to link both the CA certificate (root certificate) and the intermediate certificate to the same UAC settings.

 

Solution:

Perform the following steps:

  1. Copy both the root CA certificate and the intermediate CA certificate files to the SRX device (/var/tmp/).

     For example:

     root-ca.crt
     Int-cert.crt

  • Load the root CA certificate to the CA profile UAC-profile:

    root> request security pki ca-certificate load ca-profile UAC-profile filename /var/tmp/root-ca.crt

  • Load the intermediate certificate to the CA profile UAC-profile-1:

    root> request security pki ca-certificate load ca-profile UAC-profile-1 filename /var/tmp/Int-cert.crt

For more details on generating a key pair / loading the PKI certificate, see Junos OS IPsec VPN with PKI Certificates Primer.

  2. Bind the two CA profiles to the UAC configuration.

    root# show services unified-access-control
    infranet-controller uac.lan {
        address 192.168.1.11;
        interface fe-0/0/0.0;
        password "$ABC123"; ## SECRET-DATA
        ca-profile [ UAC-profile UAC-profile-1 ]; ## It should look like this.
    }
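
Before step 1, it helps to confirm on an admin workstation which file is the root, which is the intermediate, and that the intermediate is actually signed by that root. The script below is an added example, not part of the original article or Juniper tooling. It assumes PEM-encoded files and OpenSSL 1.1.0 or later; the function names and the generated sample certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of the CA files before copying them to
# /var/tmp/ on the SRX. Assumes PEM-encoded files and OpenSSL 1.1.0 or later.

# Print "root" (self-issued CA), "intermediate" (CA issued by another CA)
# or "not-a-ca" for one certificate file.
classify_cert() {
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    if ! openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; then
        echo not-a-ca
    elif [ "$subject" = "$issuer" ]; then
        echo root
    else
        echo intermediate
    fi
}

# Succeed only if $1 is a root, $2 is an intermediate, and $2 is signed by $1.
# -no-CAfile/-no-CApath keep the workstation's own trust store out of the result.
check_chain() {
    [ "$(classify_cert "$1")" = root ] || return 1
    [ "$(classify_cert "$2")" = intermediate ] || return 1
    openssl verify -no-CAfile -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed sample chain with throwaway keys, so the checks run offline.
make_sample_chain() {
    dir=$1
    printf '[req]\ndistinguished_name=dn\nx509_extensions=v3_ca\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > "$dir/ca.cnf"
    openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Root CA" \
        -keyout "$dir/root.key" -out "$dir/root-ca.crt" 2>/dev/null
    openssl req -new -config "$dir/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=Constructed Intermediate CA" \
        -keyout "$dir/int.key" -out "$dir/int.csr" 2>/dev/null
    openssl x509 -req -in "$dir/int.csr" -CA "$dir/root-ca.crt" -CAkey "$dir/root.key" \
        -CAcreateserial -extfile "$dir/ca.cnf" -extensions v3_ca -days 1 \
        -out "$dir/Int-cert.crt" 2>/dev/null
}

d=$(mktemp -d) && make_sample_chain "$d"
for f in root-ca.crt Int-cert.crt; do
    echo "$f: $(classify_cert "$d/$f")"
done
check_chain "$d/root-ca.crt" "$d/Int-cert.crt" && echo "chain verifies: load both CA profiles"
```

With real files, call check_chain on the two certificates received from the CA. A failure means the files are swapped or do not belong to the same chain, so binding both profiles would not bring the UAC connection up.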

 

Modification History:

2020-03-05: Minor non-technical edits

 
