SRX

last person joined: 12 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  IKE with Certificates

    Posted 09-04-2013 05:45

    Hello,

     

    How does an IKE peer validate another peer's certificate up the certificate chain to the root CA certificate? Does the SRX come preconfigured with some trusted root CA certs?

     

    Thanks,

     

    Alshan



  • 2.  RE: IKE with Certificates
    Best Answer

    Posted 09-04-2013 07:33

    You will need to load the CA Cert from the issuing authority along with the issued local cert and the CRL (if using) Junos currently supports cert issuance from:

     

    Entrust

    Microsoft

    Verisign 



  • 3.  RE: IKE with Certificates

    Posted 09-04-2013 14:59

    Hi,

     

    Thanks for the response. Does that mean that both peers will need to have obtained their certs from the same CA?
    Or is it possible for an IKE peer to load root certs from all three CAs so that  it can trust any cert signed by those vendors?

     

    Thanks,

     

    Alshan



  • 4.  RE: IKE with Certificates

    Posted 09-05-2013 05:29

    I would think that the latter would function fine, however I don't have multple cert vendors so I have never tested that scenario. 



  • 5.  RE: IKE with Certificates

    Posted 09-05-2013 06:44

    Alrighty, thanks for the help 🙂