Tuesday, March 4, 2014

MAG-CM060 SSO with a Self-Signed Certificate

I am posting this because although Juniper Networks does provide very detailed instructions on how to configure SSO with a valid certificate issued from a certificate authority, a customer recently wanted me to configure SSO without a valid certificate. Here is how I did it:

  1. From operational mode in the MAG-CM060, enter the following commands:
    1. request security pki generate-key-pair certificate-id MY-CERT size 1024 type rsa
    2. request security pki local-certificate generate-self-signed certificate-id MY-CERT domain-name domain.com email test@domain.com ip-address subject CN=,O=Test
  2. From configuration mode in the MAG-CM060, enter the following commands:
    1. set system services ftp
    2. set system services web-management http port 80 interface em0.0
    3. set system services web-management https port 443 interface em0.0 pki-local-certificate MY-CERT
    4. commit
  3. Using your favorite FTP program, connect to the MAG-CM060 and copy the certificate you created, which is located in /var/db/certs/common/local/MY-CERT.cert, to the location of your choice on your computer.
  4. From within the administrator GUI of the MAG Service Module (i.e. MAG-SM60), perform the following steps:
    1. Navigate to Authentication->Auth. Servers->Chassis Auth Server
    2. Select Choose File under Upload Certificate, and upload the certificate you copied off of the MAG-CM060.
    3. Click Save
  5. Lastly, ensure that the date/time settings are the same on both the MAG-CM060 and the Service Module:
    1. From operational mode on the MAG-CM060, enter the following command:
      1. set date...
    2. From the Dashboard in the GUI of the Service Module:
      1. Click Edit next to System Date & Time

No comments:

Post a Comment