Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Generate, Apply, and Manage Certificates

You can create a new Certificate Signing Request (CSR) or Juniper Networks issued certificate from the Certificate Management page.

  • CSR—Choose CSR if your company maintains a Private Key Infrastructure (PKI) and certificate authority (CA), and can generate its own certificates. By issuing a CSR on Security Director Cloud, you will not need to upload the private key of the certificate to Juniper Security Director Cloud. After the CSR is generated by Juniper Secure Edge, download the CSR and submit it to your CA to generate a new certificate. Once generated, click Upload to upload the certificate on the Certificate Management page.

  • Juniper issued certificate—Choose Juniper Networks Issued Certificate if your company does not have its own CA. Juniper Networks will generate and keep the certificate on the system. Once the certificate has been generated, click Download to download the certificates. The CA certificate will be downloaded. Distribute the certificates to your managed devices.

Generate Certificates

  1. Select Secure Edge > Certificate Management.

    The Certificate Management page appears.

  2. Select Generate > Certificate signing request or Juniper issued certificate..

    The Generate Certificate Signing Request or Generate Juniper Issued Certificate page appears.

  3. Complete the configuration according to the following guidelines:
    Table 1: Generate Certificate Settings

    Setting

    Guideline

    Name

    Enter a unique name for the certificate.

    The name must begin with an alphanumeric character and can contain hyphens and underscores.

    Common name

    Enter a common name for the certificate.

    Organization name

    Enter the organization name that you want to associate with the certificate.

    Organization unit name

    Enter the organization unit or department that you want to associate with the certificate.

    Email address

    Enter the e-mail address of the certificate holder.

    Country

    Select the country from where you are creating this certificate.

    State or province

    Select the state or region from where you are creating this certificate.

    Locality

    Select the locality from where you are creating this certificate.

    Cryptographic Settings

    Algorithm

    Displays the algorithm or encryption type used to sign the certificate.

    No. of bits

    Displays the bit length size for the algorithm.

    Digest

    Displays the digests available for the certificate.

    Expiration

    Displays the validity period of the Juniper-issued certificate.
  4. Click OK.
    The Certificate Management page opens with a message indicating that the certificate is created successfully.
    Note:

    You can generate only one Juniper-issued certificate and up to five CSRs for customer-issued certificates.

Apply a Certificate

You can apply a certificate to deploy on all devices and enable communication with Security Director Cloud. The applied certificate becomes the active certificate and appears with the system-defined name jsec-ssl-proxy-root-cert. If only one certificate is available—either a Juniper-issued certificate or a CSR:

  • The system automatically applies it as the active certificate by default. Consequently, Apply Certificate will not appear next to that certificate.

  • If a certificate has a system-defined name jsec-ssl-proxy-root-cert, it indicates that the certificate is already active and does not require any manual action.

You can apply a CSR certificate only after you upload the PEM file, whereas you can apply a Juniper-issued certificate immediately because it is already complete.

To apply a certificate:

  1. Navigate to the Certificate Management page, Secure Edge > Certificate Management.
  2. Select an existing certificate to set as active certificate or generate a new certificate. For more information on certificate generation, See Generate Certificates.
  3. Click Apply Certificate. The Apply Certificate window opens.
  4. Click Yes to confirm certificate application. If you want to cancel the application, click No.
    When you click Yes, the selected certificate becomes the active certificate.

Manage Certificates

  • Regenerate—Select the Juniper-issued certificate and click Regenerate. You can regenerate the Juniper-issued certificate a few days in advance if the certificate is about to expire.

  • Delete—Select the certificate, and then click the trash can icon (). You must delete a certificate before you delete a tenant and when you do not want to trust a certificate authority in Juniper Secure Edge.