cancel
Showing results for 
Search instead for 
Did you mean: 

Juniper Local User with the option to Generate the certificate per user and provide user expiration

shimrose_
New Contributor

Juniper Local User with the option to Generate the certificate per user and provide user expiration

Is it possible to create local user in Juniper SA Series and generates certificate on each user for authentication purpose? If yes, will it be possible also that the user can enroll to juniper Appliance to generate and get their certificate remotely?

Can it also provide user expiration option?

4 REPLIES 4
zanyterp_
Respected Contributor

Re: Juniper Local User with the option to Generate the certificate per user and provide user expirat

Technically you could login as each user and create their certificate for them, yes; however, that will not be of any benefit to you as you would still need to distribute the certificates to users.

The Juniper appliance does not do any certificate enrollment; you would need to allow users to connect to your certificate server and create the certificates through the appliance.

There is no timer for user expiration other than a one-time-use only option.

jspanitz_
Frequent Contributor

Re: Juniper Local User with the option to Generate the certificate per user and provide user expirat

Does Juniper have any type of certificate enrollment device / services that could be utilized? If not, what are others doing in such a situation?

zanyterp_
Respected Contributor

Re: Juniper Local User with the option to Generate the certificate per user and provide user expirat

no, there is nothing like this from juniper.

most of the environments i have worked with over the years that use certificates utilize MS certificate services. 

I have run across a few that use their own openSSL-based option; public PKI a lΠverisign (or similar); and i'm sure there are others available that i have not run across

spuluka
Super Contributor

Re: Juniper Local User with the option to Generate the certificate per user and provide user expirat

If you have a windows domain, then the easiest way is to auto-enroll your domain computers using group policy. You add the CA (certificate authority) role to a server in your enterprise. Then you create the group policy that will auto-enroll all your domian computers.

http://technet.microsoft.com/en-us/library/cc947849%28v=ws.10%29.aspx

The the SA then you will add your enterprise CA to the certificate authorities. And then you can use it for authentication.

Steve Puluka BSEET - IP Architect - DQE Communications Pittsburgh, PA (Metro-Ethernet & ISP) - http://puluka.com/home