[ScreenOS] How to change the certificate that is used for SSL (HTTPS) WebUI Management
SUMMARY:
This article provides information on how to change the certificate that is used for SSL (HTTPS) WebUI Management.
SYMPTOMS:
Beginning with ScreenOS 5.1, the firewall creates its own self-signed certificate, which is used for SSL (HTTPS) WebUI management. Customers may want to use their own certificate, which is signed by their own CA (Certificate Authority).
CAUSE:
SOLUTION:
- Load the CA certificate on the firewall.
- Generate a PKCS certificate request for the CA to sign.
- Load the local certificate on the firewall.
- Via the WebUI, go to Configuration > Admin > Management and change the certificate from Default - System Self-Signed Cert to the Local certificate.
- Via the CLI, use the following commands:
get pki x509 list local-cert
get pki x509 cert <ID num>
set ssl cert-hash <subject name hash>For example:
ssg5-v92-wlan-> get pki x509 list local-cert
Getting LOCAL CERT ...
IDX ID num X509 Certificate Subject Distinguish Name
================================================================================
0000 233832475 LOCAL CERT friendly name <27>
CN=ssg5,CN=ssg5-v92-wlan.jnpr.net,CN=rsa-key,CN=016805200700
1695,OU=support,O=juniper,C=US,
Expire on 05-08-2009 20:03, Issued By:
CN=JTAC,OU=Juniper,OU=net,
================================================================================
ssg5-v92-wlan-> get pki x509 cert 233832475
-001 233832475 LOCAL CERT friendly name <27>
CN=ssg5,CN=ssg5-v92-wlan.jnpr.net,CN=rsa-key,CN=016805200700
1695,OU=support,O=juniper,C=US,
Expire on 05-08-2009 20:03, Issued By:
CN=JTAC,OU=Juniper,OU=net,
Serial Number: <6132536c000000000002>
subject alt name extension:
email(1): (empty)
fqdn(2): (ssg5-v92-wlan.jnpr.net)
ipaddr(7): (empty)
no renew
finger print (md5) <da98859d c567dd63 acb3d3d3 ce4c9399>
finger print (sha) <3ba4a8ff 615ac1cc 80da98fd 9bec017a ba1aa61d>
subject name hash: <24290b21 3a02baef a29c380d 739f60b6 3c1f54f5>
obj type: <1>
use count: <1>
flag <00000000>
ssg5-v92-wlan-> set ssl enable
ssg5-v92-wlan-> set ssl encrypt "rc4" md5
ssg5-v92-wlan-> set ssl cert-hash "24290B213A02BAEFA29C380D739F60B63C1F54F5"
[ScreenOS] How to change the certificate that is used for SSL (HTTPS) WebUI Management的更多相关文章
- git clone报错:“server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none”
I can push by clone project using ssh, but it doesn't work when I clone project with https. it shows ...
- InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings In
InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is s ...
- [ScreenOS] How to manually generate a new system self-signed certificate to replace the expired system self-signed certificate without resetting the firewall
SUMMARY: This article provides information on how to manually generate a new system self-signed cert ...
- How To Set Up Apache with a Free Signed SSL Certificate on a VPS
Prerequisites Before we get started, here are the web tools you need for this tutorial: Google Chrom ...
- Generate a Push Certificate
To send Push notification to an application/device couple you need an unique device token (see the O ...
- How to Move SSL certificate from Apache to Tomcat
https://www.sslsupportdesk.com/how-to-move-ssl-certificate-from-apache-to-tomcat/ Apache uses x509 p ...
- PEP 476 -- Enabling certificate verification by default for stdlib http clients
SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate ch ...
- 【Azure Developer - 密钥保管库 】使用 Python Azure SDK 实现从 Azure Key Vault Certificate 中下载证书(PEM文件)
问题描述 在Azure Key Vault中,我们可以从Azure门户中下载证书PEM文件到本地. 可以通过OpenSSL把PFX文件转换到PEM文件.然后用TXT方式查看内容,操作步骤如下图: Op ...
- The encryption certificate of the relying party trust identified by thumbprint is not valid
CRM2013部署完ADFS后通过url在浏览器中訪问測试是否成功,成功进入登陆界面但在登陆界面输入username和password后始终报身份验证失败,系统中的报错信息例如以下:Microsoft ...
随机推荐
- 22_2mybatis——CURD
1.CURD操作 第一步:创建maven工程并导入坐标 <?xml version="1.0" encoding="UTF-8"?> <pro ...
- CCPC-Wannafly Winter Camp Day8 (Div2, onsite) 补题
A Aqours 题解: https://www.cnblogs.com/qieqiemin/p/11251645.html D:吉良吉影的奇妙计划 (暴力打表) 题目描述 吉良吉影是一个平凡的上班族 ...
- Stanford CS229 Machine Learning by Andrew Ng
CS229 Machine Learning Stanford Course by Andrew Ng Course material, problem set Matlab code written ...
- 移动端适配 后篇(rem+vm)
涉及到的一些名词, 详细解释可参考 移动端适配前篇--移动端适配 rem 名词解释 [英寸Inch]英寸表示屏幕斜对角线的长度 [像素Pixel]像素是图像的基本采样单位,它不是一个确定的物理量,因为 ...
- 通过telnet自动下载cfg配置文件
源代码如下: import telnetlib import logging import datetime import csv import time def telnetfunc(enbid, ...
- return和exit以及C语言递归函数
return 在主函数main()中,return整个函数退出,在子函数中return,只退出子函数. exit exit无论在函数什么位置退出整个函数 递归函数 #include <stdio ...
- 【leetcode】1186. Maximum Subarray Sum with One Deletion
题目如下: Given an array of integers, return the maximum sum for a non-empty subarray (contiguous elemen ...
- firebird默认字符在lazarus下乱码问题
firebird3数据表中,如果字段是varchar时, delphiXE的firedac在读取时正常,但lazarus中读取时会显示乱码. 经过测试发现,如果lazarus显示正常的话,必须在建表时 ...
- asp.net+批量下载附件
asp.net 下载文件几种方式 protected void Button1_Click(object sender, EventArgs e) { /* 微软为Response对象提供了一个新的方 ...
- 2018百度之星初赛A轮 度度熊拼三角
#include<bits/stdc++.h> using namespace std; int n; int a[1005]; int main() { int ans; ...