Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Questions on certificates

HB_
Occasional Contributor
‎10-31-2008 12:11:PM
‎10-31-2008 12:11:PM

Questions on certificates

We've been using RSA tokens for authentication to our SSL VPN system.  Recent interest in iPhones and Junos Pulse is leading us in the direction of using certificates for more seamless authentication.

I'd appreciate the benefit of others experience. I understand I can stand up a certificate server on the SA box itself.  How manageable is it?  Alternatively, could we use our Active Directory CA to generate certs for the client devices?  If yes, are there some guides I can follow?  I haven't been able to find sufficient information in the Juniper knowledgeablenes or admin guides.

0 Kudos
4 REPLIES 4
muttbarker_
Valued Contributor
‎01-29-2008 06:11:PM
‎01-29-2008 06:11:PM

Re: Questions on certificates

If you are interested in certificate based authentication I would take a serious look at the following site:

http://www.gosecureauth.com/

They have an awesome product and it is in my top 3 recommended solutions for two factor authentication when I outline solutions to potential clients.





Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
0 Kudos
HB_
Occasional Contributor
‎10-31-2008 08:45:AM
‎10-31-2008 08:45:AM

Re: Questions on certificates

Is there a guide I can following for using a WIndows CA with the SSL VPN system?  I assume I have to import our AD CA cert into the Juniper box.

The idea for using one cert with a password seems like it would be a time saver, but I'm not sure our Infosec group would go for it.



0 Kudos
spacyfreak_
Contributor
‎02-27-2009 01:21:PM
‎02-27-2009 01:21:PM

Re: Questions on certificates

I dont think you can create certificates for clients directly on IVE.

You can use Windows Server CA easily.

You could use ONE certificate for all users in addition to usercredential.

You can use this certificate on realm level for autorization via rolemapping.

When you want the cert to be valid for more then 2 years, use windows server enterprise edition.

You have to confgure validation in registry. I use 5 years cause i dont want to enroll certificates to thousands of users.

0 Kudos
spacyfreak_
Contributor
‎02-27-2009 10:15:PM
‎02-27-2009 10:15:PM

Re: Questions on certificates

Of cause one certificate for ALL users does not make much sense from a normal point of view. :-)

The certificate in my scenario does NOT authenticate the user.

The user authenticates with his AD credentials.

In the background, the client browser transmits the clientcertificate to IVE.

The IVE uses the clientcertificate to authenticate the CLIENTDEVICE as trusted company device.

Via certificate attribute "CN" you can assign the authenticated user the proper IVE Role.


0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.