Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

How Do I Specify ASN-1 Wildcard Certificates?

0

0

Article ID: KB4424 KB Last Updated: 29 Jun 2010Version: 4.0
Summary:
How Do I Specify ASN-1 Wildcard Certificates?
Symptoms:

Solution:
note Some certificates will require more than one OU specified, and the way to configure this is to use the Abstract Syntax Notation-1 (ASN-1) wildcard specification.

Use the last field Container to specify all the OUs needed and leave the default OU field empty. The local-ID must have the exact text of "[DistinguishedName]". This is how the NetScreen is able to determine this is an ASN-1 Distinguished Name (DN) type, instead of an FQDN.

To specify ASN-1 wildcard certificates, perform the following steps:

Open the CLI. For more information on how to open the CLI, go to Accessing the Command Line Interface Using Telnet.

noteThe wildcard portion of the DN will be matched first and then the string in the Container next.

For ScreenOS 5.0.0, enter the following command: 
set ike gateway "netscreen" ip 10.10.10.10 address asn1-dn wildcard "OU=AB,OU=CD,OU=EFG," Main local-id "[DistinguishedName]" outgoing-interface "untrust" proposal "custom-1"

 noteFor ScreenOS 4.0.0, enter the following command:

set ike gateway "netscreen" ip 10.10.10.10 id asn1-dn wildcard "OU=AB,OU=CD,OU=EFG," Main local-id "[DistinguishedName]" outgoing-interface "untrust" proposal "custom-1"

 noteThe resulted CLI command would look something like this:

set ike gateway "netscreen" ip 10.10.10.10 id asn1-dn container "OU=AB,OU=CD,OU=EFG," wildcard "CN=netscreen.xx.yy.com,OU=,O=Netscreen Inc.,L=,ST=,C=US,E=" Main local-id "[DistinguishedName]" outgoing-interface "untrust" proposal "custom-1"
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search