vSRX

Error when running "show ssl-certificates"

‎02-12-2019 04:24 PM

Good afternoon,

I have recently uploaded a .pem file to a vSRX located in AWS.  When I look at the security certificates section of the config, things look good:

ec2-user> show configuration security certificates
local {
cg_wildcard {
"-----BEGIN PRIVATE KEY-----\nTHE KEY IS HERE\n-----END PRIVATE KEY-----\n-----BEGIN CERTIFICATE-----THE CERT IS HERE\n-----END CERTIFICATE-----\n"; ## SECRET-DATA
}
}

However, when I run "show ssl-certificates", I get an error I haven't seen before:

ec2-user> show ssl-certificates
error: peer_daemon: bad daemon: dot1xd

I'll be grateful for any help on this one.

Re: Error when running "show ssl-certificates"

‎02-12-2019 06:50 PM

Hello,

I noticed this command is new to the SRX code and I am not sure about the purpose. I will check if this is applicable. Documentation shows this to be applicable to EX.

https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-ssl-certific...

I suggest you use the command - "show security pki local-certificate"

From the Lab:
root@srx> show ssl-certificates

root@srx> show security pki local-certificate
node0:
--------------------------------------------------------------------------

Certificate identifier: aamw-srx-cert
Issued to: XXXXXXXXXXXXXXXXXXXXXXXXXXX==, Issued by: C = US, O = Juniper Networks Inc, OU = SecIntel, CN = SecIntel (junipersecurity.net) subCA for SRX devices, emailAddress = secintel-ca@juniper.net
Validity:
Not before: 02- 4-2019 03:52 UTC
Not after: 01-18-2038 15:00 UTC
Public key algorithm: rsaEncryption(2048 bits)

Regards,

Vikas

Re: Error when running "show ssl-certificates"

‎02-14-2019 07:34 AM

Hello,

If the idea is to use this certificate for all https connections on the firewall, you can use the following configuration:

++ set system services web-management https local-certificate <name of the certificate>

The loaded .pem certificate can be seen using the following operational command:

++ show security pki local-certificate

Regards,

Rushi