SRX Services Gateway

Web Management not loading third party SSL certificate

‎08-11-2014 09:55 PM

Hi there

 

I can't seem to get my web-management off a self-signed certificate and using the third party certificate I installed.

 

Recently updated to 12.1X44-D35.5 and the third party SSL certificate dropped off the interface. Went through the process of re-issuing the certificate just in case but no luck. I have tried restarting web-management after installing and no luck. Rebooting the router is not an option at the moment.

 

When I visit https://vpn.xxx/ I get the self-signed certificate, which should no longer apply.

 


Certificate applied to interface

 

root@xxx> show configuration system services web-management
management-url my-jweb;
http {
    interface [ vlan.0 vlan.1 ge-0/0/15.0 ];
}
https {
    pki-local-certificate VPN;
    interface [ ge-0/0/15.0 vlan.1 ];
}

 Show Certificate Request

 

show security pki certificate-request
Certificate identifier: VPN
  Issued to: vpn.xxx
  Public key algorithm: rsaEncryption(2048 bits)

 Show Local Certificate

 

Certificate identifier: VPN
  Issued to: vpn.xxx, Issued by: C = US, O = "GeoTrust, Inc.", CN = RapidSSL CA
  Validity:
    Not before: 08-10-2014 21:22 UTC
    Not after: 03- 3-2018 14:45 UTC
  Public key algorithm: rsaEncryption(2048 bits)

 

Show CA Certificate

 

Certificate identifier: VPN
  Issued to: RapidSSL CA, Issued by: C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
  Validity:
    Not before: 02-19-2010 22:45 UTC
    Not after: 02-18-2020 22:45 UTC
  Public key algorithm: rsaEncryption(2048 bits)

 

 Any suggestions?

4 REPLIES

Re: Web Management not loading third party SSL certificate

‎08-11-2014 10:15 PM

Hello Eric

 

This appears to be a known issue in SRX which needs investigation.

Please open up a case and engage JTAC.

 

Regards,

Raveen


Re: Web Management not loading third party SSL certificate

‎08-11-2014 11:37 PM

Hi,

If you have DVPN configured, this is expected to be seen.

Do you have dynamic-vpn configured?

If configured, deactivate the dynamic VPN config and try accessing; you will see the correct cert.

 

As informed by Raveen this needs JTAC investigation.

Regards,
c_r


Re: Web Management not loading third party SSL certificate

‎08-16-2014 10:31 PM

Hi,

 

It looks like custom certificates are not supported for dynamic VPN.

 

http://kb.juniper.net/InfoCenter/index?page=content&id=KB23028

 

For testing purposes, disable the dynamic VPN configuration and test the Jweb management; it should work.

 

Regards
rparthi
 


Re: Web Management not loading third party SSL certificate

‎08-21-2014 04:26 PM

Just in case anyone else comes across this problem.

 

I rolled back to 12.1R4.7 and was able to install the CA again for Dynamic VPN.

 

In PR969672 it allows you to apply a CA (PKI) but then isn't allowed. 

 

Juniper Support's (Smriti and Parthi) help was great, and Parthi is trying to push the engineering department to review, possibly making it an enhancement.

 

If anyone needs to use Dynamic VPN on the SRX, save yourself the headache; between this issue, KB26257 and incompatibility of Pulse client with DVPN across platforms, it's a nightmare.

 

Again thanks Juniper Support