(I am sorry if this is not the correct place to post this)
I have been asked to establish an IPSec connection using certificates between Juniper MX-5 (this is the endpoint I control) and other device (still do not have any details about the brand/model) in a remote place.
This new tunnel will replace and old one between this juniper and a checkpoing (tunnel only uses psk).
I still have really few experience with Juniper devices and use of certificates for IPsec tunnels.
Is this device capable of using certificates of IPsec tunnels? What kind of certificates can i use? would a GoDaddy SSL certificate work?
Thank you very much.
rp@AR1> show version Hostname: AR1 Model: mx5-t Junos: 13.3R1.8 JUNOS Base OS boot [13.3R1.8] JUNOS Base OS Software Suite [13.3R1.8] JUNOS Kernel Software Suite [13.3R1.8] JUNOS Crypto Software Suite [13.3R1.8] JUNOS Packet Forwarding Engine Support (MX80) [13.3R1.8] JUNOS Online Documentation [13.3R1.8] JUNOS Services Application Level Gateways [13.3R1.8] JUNOS Services Jflow Container package [13.3R1.8] JUNOS Services Stateful Firewall [13.3R1.8] JUNOS Services NAT [13.3R1.8] JUNOS Services RPM [13.3R1.8] JUNOS Services Crypto [13.3R1.8] JUNOS Services SSL [13.3R1.8] JUNOS Services IPSec [13.3R1.8] JUNOS Routing Software Suite [13.3R1.8]
rp@AR1> show system license License usage: Licenses Licenses Licenses Expiry Feature name used installed needed scale-subscriber 0 1000 0 permanent scale-l2tp 0 1000 0 permanent scale-mobile-ip 0 1000 0 permanent
You can get the certificates from any provider you want. Even you can have your own CA to sign the certificate. However, it is not secure because someone has to validate your identity and in order to achieve that we will be involving CA.