Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  SSG 140 Certificates

    Posted 05-06-2014 05:41

    Hello,

     

    I want to add our own Certificate to secure HTTPS with more bit than ScreenOS gives me.

    I uploaded the CA-Cert to "Objects > Certificates > CA"

    Now I set a new cert from "Local" with ECDSA and Key Lenght 2048.

    When I insert the CSR to sign with the imported CA (StartSSL) it tolds me the Key Lenght is only 768 ? So i cant do the next step...it requires min. 2048.

    Is it possible to import a CRT/KEY which is generatet from StartSSL?

    I want to use an own certificate for administration and webauth.

     

    Greetings

     


    #SSG140
    #StartSSL
    #certificate


  • 2.  RE: SSG 140 Certificates
    Best Answer

    Posted 05-06-2014 05:51
      |   view attached

    Hi,

     

    When you're generating the new cert request in firewall just choose to use 2048bit key. See the attachment.

    If that doesnt work, use RSA instead of ECDSA. It will work for sure.

     

    If you are satisfied with the answer, please click "Accepted as Solution". Kudos also welcome!

     



  • 3.  RE: SSG 140 Certificates

    Posted 05-08-2014 22:40

    Hello,

     

    that's what I've done. RSA worked for me, thanks.

    But why generate ECDSA no 2048 Key?

     

    Regards