
SA 2000 Certificate Question

Sdawson35_
New Contributor

SA 2000 Certificate Question

Hello,

Is the following scenario possible?

Remote Device (typically a laptop) has a certificate installed and connects to the SA 2000. Can the SA 2000 then go off and query our internal certificate server to check the certificate on the Remote Device, and if the certificates match then allow connection?

Scott.

3 REPLIES
muttbarker_
Valued Contributor

Re: SA 2000 Certificate Question

If you are asking whether you can use a client-based certificate for authentication, the answer is yes:

The SA box will need to verify the client certificate against the matching "trusted client CA" on the SA box. You can define OCSP or CRL within that certificate for further validation of the client certificate.

Pretty straightforward to set up.

Sdawson35_
New Contributor

Re: SA 2000 Certificate Question

Hi Kevin,

Apologies for the delay in replying to you!

I am pretty new to Junipers & certificates in general, but what we want is not to have a certificate on the Juniper but to have it on a server somewhere and use the Juniper to check the connecting device's cert against that on the server... or does it not work that way?

Regards

Scott.

muttbarker_
Valued Contributor

Re: SA 2000 Certificate Question

It does not work that way. To use the cert for authentication you will need to implement as per my prior message. You can then also do a validation on the user cert but that is secondary.
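
Added example (not part of the thread, and not Juniper configuration): the same kind of check the replies describe, reproduced with the openssl CLI. The verifier holds only the trusted client CA certificate and that CA's CRL, never a copy of each laptop's certificate. The names corp-ca, other-ca, laptop-1, laptop-2 and stranger are constructed for the demo.

```bash
# Added illustration: every name, subject and path below is constructed.
set -eu
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT

new_ca() {   # new_ca NAME: self-signed CA key and certificate
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$d/$1.key" -out "$d/$1.crt" 2>/dev/null
}

issue() {    # issue CA NAME: client certificate NAME signed by CA
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$d/$2.key" -out "$d/$2.csr" 2>/dev/null
  openssl x509 -req -in "$d/$2.csr" -CA "$d/$1.crt" -CAkey "$d/$1.key" \
    -CAcreateserial -days 30 -out "$d/$2.crt" 2>/dev/null
}

publish_crl() {  # sign a fresh CRL from the CA's revocation database
  openssl ca -config "$d/corp-ca.cnf" -gencrl -out "$d/corp-ca.crl" 2>/dev/null
}

revoke() {   # revoke NAME: record the revocation, then republish the CRL
  openssl ca -config "$d/corp-ca.cnf" -revoke "$d/$1.crt" 2>/dev/null
  publish_crl
}

# The gateway's decision. It reads only the trusted client CA certificate
# and that CA's CRL; it never holds a copy of the client's certificate.
gateway_check() {
  if openssl verify -CAfile "$d/corp-ca.crt" -CRLfile "$d/corp-ca.crl" \
       -crl_check "$d/$1.crt" >/dev/null 2>&1
  then echo accept; else echo reject; fi
}

new_ca corp-ca      # the CA loaded on the gateway as "trusted client CA"
new_ca other-ca     # some CA the gateway does not trust
cat > "$d/corp-ca.cnf" <<EOF
[ca]
default_ca = corp
[corp]
database = $d/index.txt
certificate = $d/corp-ca.crt
private_key = $d/corp-ca.key
default_md = sha256
default_crl_days = 7
EOF
: > "$d/index.txt"
publish_crl         # initially empty CRL
issue corp-ca laptop-1; issue corp-ca laptop-2; issue other-ca stranger
revoke laptop-2
for c in laptop-1 laptop-2 stranger; do echo "$c: $(gateway_check "$c")"; done
```

A certificate issued later by corp-ca is accepted with no change on the verifier side, which is why the internal server only needs to issue certificates and publish revocation data.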