06-11-2009 05:57 AM
Hi, in testing the SA device, I generated a CSR and sent it to the CA for signing. I later imported the certificate from another SA device, and the import process erased the CSR which was pending (stupid ... ).
I still have the text that I sent to the CA. Is there any way to still use this certificate once I get it back from the CA, or had I better get another one generated? I was under the impression that the CSR text holds the key to decrypt the cert I'll be receiving from the CA?
06-11-2009 06:19 AM
06-11-2009 06:23 AM
The problem with generating a CSR on the IVE is that when you type random data, you're actually generating a private key. The public part is sent off to the CA. When the original CSR is missing, to my knowledge, your private key is also gone. What you could try:
1. If you have a backup (system.cfg or XML), try to restore it. This will restore any pending CSRs as well.
2. Generate a new CSR on, for example, a Windows CA server. Use the same information as before and mark the private key as exportable. Have your CSR signed by the CA and import the certificate including the private key into your IVE.
06-11-2009 06:45 AM
06-11-2009 07:46 AM
The random characters are used as keying input to generate a random private key, so I'm not sure entering the same characters will result in exactly the same private key.
By the way, most signing CAs accept a re-sign of a CSR when all provided information is exactly identical. So when you lose a private key (a machine crashes), they sign your newly generated CSR again. The end date of the cert will stay identical, of course...
You could check with your CA...
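
Added example, not part of the thread: an OpenSSL sketch of the point made in the replies above, that the CSR text carries only the public key and the returned certificate is usable only with the private key generated alongside that CSR. File names and the subject are constructed, and self-signing stands in for the CA.

```shell
#!/usr/bin/env bash
# Added illustration: names, paths and the subject are constructed, not from the thread.
set -eu
work=$(mktemp -d)

# SHA-256 fingerprint of the public key inside a private key, CSR or certificate.
pub_fp() {  # usage: pub_fp key|csr|cert FILE
  case "$1" in
    key)  openssl pkey -in "$2" -pubout ;;
    csr)  openssl req  -in "$2" -noout -pubkey ;;
    cert) openssl x509 -in "$2" -noout -pubkey ;;
  esac | openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only when both files carry the same public key.
same_key() {  # usage: same_key TYPE1 FILE1 TYPE2 FILE2
  [ "$(pub_fp "$1" "$2")" = "$(pub_fp "$3" "$4")" ]
}

# "Original" key pair and CSR, standing in for the request created on the device.
openssl genrsa -out "$work/orig.key" 2048 2>/dev/null
openssl req -new -key "$work/orig.key" -subj "/CN=vpn.example.test" -out "$work/orig.csr"

# A second key generated later; the subject could be identical, the key is not.
openssl genrsa -out "$work/new.key" 2048 2>/dev/null

# Self-signing stands in for the CA here; a real CA signs with its own key,
# but the certificate still carries the public key from the CSR.
openssl x509 -req -in "$work/orig.csr" -signkey "$work/orig.key" -days 1 \
  -out "$work/orig.crt" 2>/dev/null

# True only if the CSR file contains private key material (it should not).
csr_has_private_key() { grep -q "PRIVATE KEY" "$work/orig.csr"; }

report() {
  same_key cert "$work/orig.crt" key "$work/orig.key" && echo "cert matches original key"
  same_key cert "$work/orig.crt" key "$work/new.key"  || echo "cert does NOT match new key"
  csr_has_private_key || echo "CSR holds only the public key"
}
report
```

The same `same_key cert ... key ...` comparison can be run on a certificate returned by a CA before importing it, to confirm it belongs to the private key you still hold.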