Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[CSO] How to check the PKI server reachability by renewing certificate for a single site of a tenant

0

0

Article ID: KB36602 KB Last Updated: 24 Mar 2021Version: 1.0
Summary:

PKI server reachability is very important for the certificate generation for any tenant onboarded in CSO, which is used for site authentication and further config generation for that site of tenant.

This article explains how to verify the PKI server reachability from CSO UI. This does not cause any impact to service, but to be on the safe side, it is recommended to perform the steps along with the Resident Engineer or JTAC.
Solution:
  1. Check whether the PKI server URLs are correctly configured for the tenant.

    Go to CSO UI tenant page, Administration > Tenant setting

    Click on VPN authentication. It will show the PKI related config:

  2. Go to CSO UI. Navigate to the respective tenant page. Then go to  Administration > Certificate Management > VPN Authentication

    Select the interested site and click Renew. In the example below, the site name is Test:

  3. Go to CSO UI. Navigate to monitor > Jobs

    A new Job for renew certificate will be created and running. Wait for that Job to finish.

  4. Go to view logs of the job. The logs below are seen, which indicates the renew certificate is a success.

    It confirms that PKI infrastructure is working as expected.

    Job logs:
    Mar 4, 2021, 3:59:00 PMPhase1 Start
    Mar 4, 2021, 3:59:00 PMStart to renew cert for site test-site, Phase1
    Mar 4, 2021, 3:59:02 PMRetry renew cert for site: test-stie with extra info
    Mar 4, 2021, 3:59:18 PMPhase2 Start
    Mar 4, 2021, 3:59:18 PMPhase1 End
    Mar 4, 2021, 3:59:23 PMPhase2 End
    Mar 4, 2021, 3:59:23 PMPhase3 Start
    Mar 4, 2021, 3:59:23 PMPhase3 End
    Mar 4, 2021, 3:59:23 PMUpdate Site cert Job success
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search