generate and enroll certificate to CA server

Owned by Jean-luc KRIKER
Sept 27, 2020
1 min read


https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-remote-access-vpns-with-ncp-exclusive-remote-access-client.html#jd0e608





CA server config 
set security pki ca-profile CA_Server ca-identity CA_Server
set security pki ca-profile CA_Server enrollment url http://192.0.2.12/certsrv/mscep/mscep.dll
set security pki ca-profile CA_Server revocation-check crl url http://192.0.2.12/crl
commit

request registration
# Enroll CA server
request security pki ca-certificate enroll ca-profile CA_Server

# verify
request security pki ca-certificate verify ca-profile CA_Server

# generate key pair
request security pki generate-key-pair certificate-id RemoteAccessNCP size 2048 bytes type rsa

# Enroll the local certificate. 
# In this example, the certificate is enrolled using Simple Certificate Enrollment Protocol (SCEP).
request security pki local-certificate enroll scep ca-profile CA_Server certificate-id RemoteAccessNCP domain-name example.net subject DC=example.net,L=Sunnyvale,O=example,OU=example challenge-password <password>

# Verify the local certificate by checking its revocation status.
request security pki local-certificate verify certificate-id RemoteAccessNCP