Hello,
I have stumbled across this issue just a few weeks ago.
It is difficult to find detailed instructions on Juniper documentation for installing local certificates.
You can find hints on what you need to do here:
Importing SSL Certificates for Junos XML Protocol Support | Junos OS | Juniper Networks
My purpose was setting the device up for Telemetry and this guide helped a lot:
dave.dev - Configuring SSL for gRPC on Junos
In summary, you need to prepare a file that includes the device certificate and its private key.
I have succeeded in that using PEM format (not mentioned in the Juniper link above). Not sure if DER will work.
If the private key is using a passphrase keep it handy because you will need it during the import.
I wish Juniper had more clear instructions on this matter.
Hope this helps,
Alexandros
------------------------------
ALEXANDROS TZAMPAZIS
------------------------------
Original Message:
Sent: 06-03-2024 05:28
From: arv rob
Subject: SRX300 - Unable to install the CA and Local Certificate[.der format]?
I fixed the CA Cert renew by removing the current CA certificate and loading the new one again. however is still persist for local certificate.
Any idea? Should I create a new Certificate-id?
------------------------------
arv rob
Original Message:
Sent: 06-02-2024 00:05
From: arv rob
Subject: SRX300 - Unable to install the CA and Local Certificate[.der format]?
Hey Guys,
I'm having issues installing the ca and local certificate? Have you encountered this issues? Im using der format , is should be supported right?
Web forum has little to no information about this error, so need to gather more details.
CA Certificate:
root@xxxxx> ...-profile CA_240508 filename /var/tmp/ca_20240520.der
Fingerprint:
<Find prints cut>
Do you want to load this CA certificate ? [yes,no] (no) yes
error: Failed to write the CA certificate to local store
Local Certificate Installation:
root@xxxx> ...001x203 filename /var/tmp/0813001x203_20240520.der
error: error load certid<0813001x203>
------------------------------
arv rob
------------------------------