Message Image

Skip main navigation (Press Enter).

Screen OS

last person joined: 8 months ago

This is a legacy community with limited Juniper monitoring.

Back to discussions

Expand all | Collapse all

Questions to he CN part of the DN in the PKCS#10 request

Jump to Best Answer

StefanS04-30-2009 09:27

Hi List, Is it correct that ScreenOs generates these two "cn" parameters? cn=rsa-key and cn=JNxxxxxx1ADB ...

Erdem05-01-2009 07:31Best Answer

Hi Stefan, ScreenOS by default is generating the DN with several CN fields as you specified (one ...

1. Questions to he CN part of the DN in the PKCS#10 request

0 Recommend
StefanS
Posted 04-30-2009 09:27
Hi List,
Is it correct that ScreenOs generates these two "cn" parameters?

cn=rsa-key and cn=JNxxxxxx1ADB

Complete DN path:
cn=Test User,cn=Test.User.felten-group.com,cn=rsa-key,cn=JNxxxxxx1ADB,o=FELTEN GROUP,c=DE

Is that OK ?

Stefan
2. RE: Questions to he CN part of the DN in the PKCS#10 request
Best Answer

0 Recommend
Erdem
Posted 05-01-2009 07:31
Hi Stefan,

ScreenOS by default is generating the DN with several CN fields as you specified (one of them is the serial number). This is not incorrect, but some CAs are rejecting it.

You can change this behavior with the following:

set pki x509 raw-cn enable

With the raw-cn option enabled, the "cn=rsa-key" and "cn=<serial number>" will be excluded from the DN.

Best regards,

Igor

Powered by Higher Logic