SUMMARY:

This article provides information on how to change the certificate that is used for SSL (HTTPS) WebUI Management.

SYMPTOMS:

Beginning with ScreenOS 5.1, the firewall creates its own self-signed certificate, which is used for SSL (HTTPS) WebUI management. Customers may want to use their own certificate, which is signed by their own CA (Certificate Authority).

CAUSE:

 

SOLUTION:

    1. Load the CA certificate on the firewall.
    2. Generate a PKCS certificate request for the CA to sign.
    3. Load the local certificate on the firewall.
    4. Via the WebUI, go to Configuration > Admin > Management and change the certificate from Default - System Self-Signed Cert to the Local certificate.
    5. Via the CLI, use the following commands:
      get pki x509 list local-cert
      get pki x509 cert <ID num>
      set ssl cert-hash <subject name hash>

      For example:

      ssg5-v92-wlan-> get pki x509 list local-cert
       
      Getting LOCAL CERT ...
      IDX  ID num     X509 Certificate Subject Distinguish Name
      ================================================================================
      0000 233832475  LOCAL CERT friendly name <27>
                      CN=ssg5,CN=ssg5-v92-wlan.jnpr.net,CN=rsa-key,CN=016805200700
                      1695,OU=support,O=juniper,C=US,
                      Expire on 05-08-2009 20:03, Issued By:
                      CN=JTAC,OU=Juniper,OU=net,
      ================================================================================
       
       
      ssg5-v92-wlan-> get pki x509 cert 233832475
      -001 233832475  LOCAL CERT friendly name <27>
                      CN=ssg5,CN=ssg5-v92-wlan.jnpr.net,CN=rsa-key,CN=016805200700
                      1695,OU=support,O=juniper,C=US,
                      Expire on 05-08-2009 20:03, Issued By:
                      CN=JTAC,OU=Juniper,OU=net,
      Serial Number: <6132536c000000000002>
      subject alt name extension:
      email(1): (empty)
      fqdn(2): (ssg5-v92-wlan.jnpr.net)
      ipaddr(7): (empty)
      no renew
      finger print (md5) <da98859d c567dd63 acb3d3d3 ce4c9399>
      finger print (sha) <3ba4a8ff 615ac1cc 80da98fd 9bec017a ba1aa61d>
      subject name hash: <24290b21 3a02baef a29c380d 739f60b6 3c1f54f5>
      obj type: <1>
      use count: <1>
      flag <00000000>
       
      ssg5-v92-wlan-> set ssl enable
      ssg5-v92-wlan-> set ssl encrypt "rc4" md5
      ssg5-v92-wlan-> set ssl cert-hash "24290B213A02BAEFA29C380D739F60B63C1F54F5"
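
In the session above, the value given to `set ssl cert-hash` is the `subject name hash` field with its spaces removed, not the SHA fingerprint printed two lines earlier, which has the same length. The following Python is an added example, not part of the original article or of any Juniper tooling: it extracts the right field from saved `get pki x509 cert` output and checks an existing configuration line against it. The function names are hypothetical, and the 40-digit length check is an assumption taken from the sample output.

```python
import re

# Constructed sample: lines taken from the `get pki x509 cert` output shown above.
SAMPLE_OUTPUT = """\
fqdn(2): (ssg5-v92-wlan.jnpr.net)
finger print (md5) <da98859d c567dd63 acb3d3d3 ce4c9399>
finger print (sha) <3ba4a8ff 615ac1cc 80da98fd 9bec017a ba1aa61d>
subject name hash: <24290b21 3a02baef a29c380d 739f60b6 3c1f54f5>
"""

# Matches the three "<hex groups>" fields; the label decides which one is which.
_FIELD = re.compile(
    r"^\s*(finger print \((?:md5|sha)\)|subject name hash):?\s*<([0-9a-fA-F ]+)>",
    re.MULTILINE,
)

def parse_hashes(cli_output):
    """Map each field label to its value as contiguous upper-case hex."""
    return {label: "".join(value.split()).upper()
            for label, value in _FIELD.findall(cli_output)}

def cert_hash_command(cli_output):
    """Build the `set ssl cert-hash` line from the subject name hash field."""
    subject_hash = parse_hashes(cli_output).get("subject name hash")
    if subject_hash is None:
        raise ValueError("output has no 'subject name hash' line")
    # Assumption: 40 hex digits, as in the sample output on this page.
    if len(subject_hash) != 40:
        raise ValueError("unexpected hash length: %d" % len(subject_hash))
    return 'set ssl cert-hash "%s"' % subject_hash

def check_configured(config_line, cli_output):
    """Classify the hash in an existing `set ssl cert-hash` line."""
    match = re.search(r'set ssl cert-hash\s+"?([0-9a-fA-F]+)"?', config_line)
    if not match:
        return "no cert-hash configured"
    configured = match.group(1).upper()
    hashes = parse_hashes(cli_output)
    if configured == hashes.get("subject name hash"):
        return "ok"
    if configured == hashes.get("finger print (sha)"):
        return "wrong field: SHA fingerprint used instead of subject name hash"
    return "hash does not match this certificate"

if __name__ == "__main__":
    print(cert_hash_command(SAMPLE_OUTPUT))
```
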
