Junos OS


Ask questions and share experiences about Junos OS.

SCEP certificate re-enrollment without

  • 1.  SCEP certificate re-enrollment without

    Posted 18 days ago

    Hello,

    I am having issues with certificate re-enrollment using SCEP. Certificate re-enrollment for Juniper devices requires a challenge-password for the CA, which is the major issue, because my CA provides a password with time validity. Manual re-enrollment of certificates for multiple SRX devices in the network (200+) is not desirable, as the challenge-password is eligible only for a given time period. At the time that the certificate will re-enroll, the challenge-password that was used for the first, initial enrollment is no longer valid.

    Other devices in the network from other vendors use a generated private-key pair and this <challenge-password password> for the first enrollment, and after that they are able to re-enroll their certificates using only the private-key pair, which remains permanent. Is it possible to achieve this behaviour with Juniper devices as well?

    Thank you.



    ------------------------------
    JURAJ FORMANEK
    ------------------------------