SSL VPN
Reply
Contributor
Gauravdhingra
Posts: 84
Registered: ‎07-30-2008
0

Upload the new certficate into SSL VPN

Hello Guys,

 

Can anyone sugegst me the steps to upload the new certificate into SSL VPN?

 

Thanks

Gaurav

Distinguished Expert
muttbarker
Posts: 2,376
Registered: ‎01-29-2008
0

Re: Upload the new certficate into SSL VPN

Very straightforward - you select "Configuration"/"Certificates"/"Device Certificates" - Select "New CSR" to generate the certificate signing request.

 

Then when you get the certificate back you select "Import Certificate and Key" to bring the cert in. You have some option depending on exactly how the cert was generated.

 

This will obviously replace the self signed cert that you established during the initial configuration. You can also have multiple certs if you have multiple domain names on your SSL box. Those map to virtual ports that are defined under network settings.

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Trusted Contributor
Mrkool
Posts: 252
Registered: ‎02-28-2008
0

Re: Upload the new certficate into SSL VPN

and if you want to update an existing cert you just click on the cert and click renew and upload your new cert (off course this means that you sent your original CSR to be signed by the CA and did not create a new one) and than click upload.
SA-6500 (7.3R3) Production
MAG 4610 (7.4) Lab
Distinguished Expert
muttbarker
Posts: 2,376
Registered: ‎01-29-2008
0

Re: Upload the new certficate into SSL VPN

Oh yeah - that to :smileyhappy:

 

 

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Visitor
LuNiZ
Posts: 1
Registered: ‎01-22-2009
0

Re: Upload the new certficate into SSL VPN

[ Edited ]

Hi,

 

i did exactly what told in here, and on the admin guide.

 

fr example my domain on the initial config is, "ssl.domain.com" and there is a certificate on the device for it, which is not signed,

i want to replace that with a valid signed cert so that,

i created a CSR, and send it to the CA and they send me back a file with the extension ".cer" than when i try to import it to the pending CSR part, it says unknown CSR format.

 

i couldnt import my cert..

 

any one can help?

 

 

edit: if i try to add the certification from the, "import certification and key" menu it says : Could not read certification format.

 

 

ps: i didnt want to repost on the same topic, so if this is a topic hijacking, i am deeply sorry and please let me know, i will repost immediately.. 

 

thanks in advance..

 

Message Edited by LuNiZ on 01-22-2009 01:48 AM
Trusted Contributor
Mrkool
Posts: 252
Registered: ‎02-28-2008
0

Re: Upload the new certficate into SSL VPN

I am not 100% on this but i did run into a similar issue and i think renaming the file from .cer to .crt fixed it

 

 

SA-6500 (7.3R3) Production
MAG 4610 (7.4) Lab
Visitor
Will_Bonville
Posts: 7
Registered: ‎01-20-2009
0

Re: Upload the new certficate into SSL VPN

Yeah, if you rename it to .crt works fine
Contributor
KevinW
Posts: 29
Registered: ‎01-27-2009
0

Re: Upload the new certficate into SSL VPN

If that does not work, you may have to install the cert, and then copy to file and set the file to export as a pkcs7 file. Or you may have to export to a pkcs12 file and export a private key.
Contributor
kalluga
Posts: 11
Registered: ‎03-07-2012
0

Re: Upload the new certficate into SSL VPN

[ Edited ]

If I want to replace an existing ssl certificate say for heart bleed remediation, should I request a new csr or renew the existing certificate?

 

I'm unsure how to approach the change at this time.

 

The existing certificate is an express certificate; I would like to at least bump it up to a non-express certificate when I do replace the certificate.

 

Should I use the renew option to accomplish this or new csr?

 

Once the csr has been issued, will this immediately break the existing ssl certificate?

Recognized Expert
jayLaiz
Posts: 416
Registered: ‎11-25-2009
0

Re: Upload the new certficate into SSL VPN

Request a new CSR , renewing does not replace private key.

 

Once you recieve the new signed certificate, upload it and map the interfaces to use the new certificate, the old certificate is invalid then as it is not tied to any interfaces (external/internal etc)

 

Thanks,

Jay

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.