[j-nsp] certificates and configuration on MX-like devices
Phil Shafer
phil at juniper.net
Thu Apr 26 19:45:35 EDT 2018
Chris Morrow writes:
>ok, cool! so you want cert then key, great! (not clear on the
>format... but..)
The easiest way to add certs to config is with the "load-key-file"
knob:
[edit]
phil at box# set security certificates local foo load-key-file ?
Possible completions:
<load-key-file> File (URL) containing an SSL certificate and private key in PEM format
[edit]
phil at box# set security certificates local foo load-key-file /tmp/my.cert
[edit]
phil at box# show | compare
[edit security certificates local]
self { ... }
+ foo {
+ "-----BEGIN PRIVATE KEY-----\n....\n-----END CERTIFICATE-----\n"; ## SECRET-DATA
+ }
Adding "set security certificates apply-flags omit" will also help
you smile:
[edit]
phil at box# show security
certificates { /* OMITTED */ };
>ok.. so that's actually: "Private key and Certificate string" It's
>also not simple to find docs on this at the juniper support site :(
Here's a too-late-to-help-this-time URL:
https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/ex-series-ssl-certificates-generating.html
It fails to mention that both sections are needed, though this
kb article does:
https://kb.juniper.net/InfoCenter/index?page=content&id=KB19726&cat=&actp=LIST
>If your primary/first interaction with 'documentation' is the
>command-line usage, then ffs please be precise.
Apologies for this.
Thanks,
Phil
More information about the juniper-nsp
mailing list