Please suggest me how to upload the new Certificate from SSL VPN (Juniper) I have software version:5.5R6 (build 12857) .
Create a Certificate Signing Request (CSR)
From the GUI:
Back up or "export" configuration, just for kicks: Maintenance > Import/Export > Configuration
Navigate to System > Configuration > Certificates > Device Certificates
Click "New CSRÉ" button
Complete the form. It will give you a long certificate request string that looks like this:
ÑÐBEGIN CERTIFICATE REQUESTÑÐ
É continuing long stringÉ
ÑÐEND CERTIFICATE REQUESTÑÐ
This is your Certificate Signing Request (CSR). ItÕs also called a private key. Keep a copy of it, and keep it safe.
Get Your Signed Certificate from a Certificate Authority
Go to certificate authority (CA) like Verisign, or your in-house CA and have certificate signed. Outside CA signing firms do some email or phone verifications.
Import SSL Certificate
After you have the .crt or .cer file, navigate back to your Pending Certificate Signing Request
Import your signed certificate
Navigate your browser to your external VPN site and verify that you donÕt get any errors
If You Have an Intermediate Bundle or Chain Certificate
To install your chain certificate, follow these extra steps:
Navigate to System > Configuration > Device Certiicates
Near the top of the screen, you should see text that says something like this:
Specify the Device Certificate(s). If you donÕt have a certificate yet, you can create a CSR and import the resulting signed certificate. If necessary, you can add custom Intermediate Device CAs.
If you do NOT have the above line, you will need to Upgrade your Juniper SSL VPN <http://technotes.twosmallcoins.com/?p=9>.
If you have the "Intermediate Device CAs" link youÕre OK. Click on that link.
Click "Import CA CertificateÉ"
Click "BrowseÉ" and select your certificate.
Log in as a regular (non administrative) user and verify that you donÕt get any SSL certificate errors. IÕd recommend testing with both Internet Explorer and Firefox http://technotes.twosmallcoins.com/?p=35.
I install a new certificate today. I want to backup my certificate, the private and the public key. Can we export my certificate.
If you generated the CSR on the SA (SSL VPN device) then you cannot export/extract the private key from the device itself. However you can save the system.cfg file if you wish to backup the cert.
Just a quick note if you come accross this from google as i did, a certificate signing request (csr) is not a private key. you should not give the private key to anyone including a certificate authority.