Changes between Version 6 and Version 7 of VLANsOnEX3200

Show
Ignore:
Timestamp:
05/05/10 17:25:14 (9 years ago)
Author:
ibaldin (IP: 152.54.9.131)
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • VLANsOnEX3200

    v6 v7  
    5555commit 
    5656}}} 
     57 
     58== Creating an SSL certificate for a device == 
     59 
     60On a host with openssl installed, create a self-signed certificate and package it with the private key (replace XXX with some descriptive name of the device, no spaces allowed): 
     61{{{ 
     62openssl req -x509 -nodes -newkey rsa:1024 -keyout certificate-file.pem -out junos-ssl-cert-XXX.pem 
     63}}} 
     64 
     65For the DN inside the certificate you can use something like this: 
     66{{{ 
     67Country Name (2 letter code) [AU]:US 
     68State or Province Name (full name) [Some-State]:NC 
     69Locality Name (eg, city) []:Chapel Hill 
     70Organization Name (eg, company) [Internet Widgits Pty Ltd]:RENCI 
     71Organizational Unit Name (eg, section) []:NRIG 
     72Common Name (eg, YOUR name) []:EX3200-Euca-RENCI 
     73Email Address []:ben-ops@renci.org 
     74}}} 
     75 
     76== Installing and enabling the certificate == 
     77 
     78You can scp the certificate file into the device: 
     79{{{ 
     80scp junos-ssl-cert-renci-ex3200.pem ex3200.renci.ben:~/ 
     81}}} 
     82 
     83Now ssh to the EX3200 and perform the following commands (replace orca-ssl-cert with whatever name you want to give the certificate): 
     84{{{ 
     85ibaldin> file list     
     86 
     87/var/home/remote/: 
     88.ssh/ 
     89junos-ssl-cert-renci-ex3200.pem 
     90 
     91ibaldin> edit             
     92Entering configuration mode 
     93 
     94[edit] 
     95ibaldin# set security certificates local orca-ssl-cert load-key-file ./junos-ssl-cert-renci-ex3200.pem  
     96 
     97[edit] 
     98ibaldin# set system services xnm-ssl local-certificate orca-ssl-cert  
     99 
     100[edit] 
     101ibaldin# commit  
     102commit complete 
     103}}}