Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Getting started with Junos Space API- Troubleshooting Untrusted Certificate errors on MAC



Article ID: KB31545 KB Last Updated: 06 Apr 2017Version: 1.0

By default, Junos Space Network Management Platform uses a self-signed SSL Certificate.
When you try to issue API GET/POST requests on your Junos Space URL or VIP(eth0:0) IP address with the appropriate Headers (Authorization, Content-type,etc) by a Junos API user, you may see the errors below on the REST API Client.

Browser used: Chrome
REST API Client: Advanced REST API Client


An internet browser will state that a website certificate is untrusted if that certificate has not been signed by a trusted Certificate Authority. In order for a browser to accept a certificate, it must be able to link it to a 'trusted root certificate'.

Trusted root certificates are embedded into popular browsers such as Internet Explorer, Firefox, Chrome and Comodo Dragon. These root certificates are used as trust 'anchors' to verify the legitimacy of all website certificates that the browser encounters. If a browser encounters a certificate that is not signed by one of these roots, then it will state it is untrusted and visitors will see an error message like the one below:

Seeing the alert does not necessarily mean that the website you're visiting is trying to trick you into believing it is a different website. It means that your web browser is unable to verify the identity of the website, and that you should proceed carefully.


To Fix the issue.

  1. Navigate to Chrome Developer tools > Security Overview and view the certificate. 
    On Firefox, you can view certificate when you click the 'Confirm Security Exception' button when you login to the server. View Certificate > View Details > Export to generate a *.crt file.


  2. A box pops up showing information about the certificate. Drag the large certificate icon to a Finder window. A .cer file will be created in the location you dragged it to on the Desktop directory.

  3. On your MAC,  Navigate to Applications > Utilities and open the Keychain From the Menu options, select File > Import Items to import the *.cer downloaded and saved in your Desktop in Step 2.

  4. Right Click on the Certificate and select Get Info and expand Trust link.  Choose Always Trust for When using this certificate and close the pop-up window.

  5. Enter the MAC password to accept the change. Notice that This root certificate is not trusted error disappears.

Now, login to your REST Client and issue an API GET/POST/PUT request. It should be successful.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search