I am having issues with certificate re-enrollment using SCEP. Certificate re-enrollment for Juniper devices requires a challenge-password for the CA, which is the major issue, because my CA provides a password with time validity. Manual re-enrollment of certificates for multiple SRX devices in the network (200+) is not desirable, as the challenge-password is valid only for a given time period. At the time the certificate will re-enroll, the challenge-password that was used for the first, initial enrollment is no longer valid.
Other devices in the network from other vendors use a generated private-key pair and this <challenge-password password> for the first enrollment, and after that they are able to re-enroll their certificates using only the private-key pair, which remains permanent. Is it possible to achieve this behaviour with Juniper devices as well?
Thank you.