SUMMARY:

This article provides information on how to change the certificate that is used for SSL (HTTPS) WebUI Management.

SYMPTOMS:

Beginning with ScreenOS 5.1, the firewall creates its own self-signed certificate, which is used for SSL (HTTPS) WebUI management. Customers may want to use their own certificate, which is signed by their own CA (Certificate Authority).

CAUSE:

 

SOLUTION:

    1. Load the CA certificate on the firewall.
    2. Generate a PKCS certificate request for the CA to sign.
    3. Load the local certificate on the firewall.
    4. Via the WebUI, go to Configuration > Admin > Management and change the certificate from Default - System Self-Signed Cert to the Local certificate.
    5. Via the CLI, use the following commands:
      get pki x509 list local-cert
      
get pki x509 cert <ID num>
      
set ssl cert-hash <subject name hash>

      For example:

      ssg5-v92-wlan-> get pki x509 list local-cert
       
      Getting LOCAL CERT ...
      IDX  ID num     X509 Certificate Subject Distinguish Name
      ================================================================================
      0000 233832475  LOCAL CERT friendly name <27>
                      CN=ssg5,CN=ssg5-v92-wlan.jnpr.net,CN=rsa-key,CN=016805200700
                      1695,OU=support,O=juniper,C=US,
                      Expire on 05-08-2009 20:03, Issued By:
                      CN=JTAC,OU=Juniper,OU=net,
      ================================================================================
       
       
      ssg5-v92-wlan-> get pki x509 cert 233832475
      -001 233832475  LOCAL CERT friendly name <27>
                      CN=ssg5,CN=ssg5-v92-wlan.jnpr.net,CN=rsa-key,CN=016805200700
                      1695,OU=support,O=juniper,C=US,
                      Expire on 05-08-2009 20:03, Issued By:
                      CN=JTAC,OU=Juniper,OU=net,
      Serial Number: <6132536c000000000002>
      subject alt name extension:
      email(1): (empty)
      fqdn(2): (ssg5-v92-wlan.jnpr.net)
      ipaddr(7): (empty)
      no renew
      finger print (md5) <da98859d c567dd63 acb3d3d3 ce4c9399>
      finger print (sha) <3ba4a8ff 615ac1cc 80da98fd 9bec017a ba1aa61d>
      subject name hash: <24290b21 3a02baef a29c380d 739f60b6 3c1f54f5>
      obj type: <1>
      use count: <1>
      flag <00000000>
       
      ssg5-v92-wlan-> set ssl enable
      ssg5-v92-wlan-> set ssl encrypt "rc4" md5
      ssg5-v92-wlan-> set ssl cert-hash "24290B213A02BAEFA29C380D739F60B63C1F54F5"

[ScreenOS] How to change the certificate that is used for SSL (HTTPS) WebUI Management的更多相关文章

  1. git clone报错:“server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none”

    I can push by clone project using ssh, but it doesn't work when I clone project with https. it shows ...

  2. InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings In

    InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is s ...

  3. [ScreenOS] How to manually generate a new system self-signed certificate to replace the expired system self-signed certificate without resetting the firewall

    SUMMARY: This article provides information on how to manually generate a new system self-signed cert ...

  4. How To Set Up Apache with a Free Signed SSL Certificate on a VPS

    Prerequisites Before we get started, here are the web tools you need for this tutorial: Google Chrom ...

  5. Generate a Push Certificate

    To send Push notification to an application/device couple you need an unique device token (see the O ...

  6. How to Move SSL certificate from Apache to Tomcat

    https://www.sslsupportdesk.com/how-to-move-ssl-certificate-from-apache-to-tomcat/ Apache uses x509 p ...

  7. PEP 476 -- Enabling certificate verification by default for stdlib http clients

    SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate ch ...

  8. 【Azure Developer - 密钥保管库 】使用 Python Azure SDK 实现从 Azure Key Vault Certificate 中下载证书(PEM文件)

    问题描述 在Azure Key Vault中,我们可以从Azure门户中下载证书PEM文件到本地. 可以通过OpenSSL把PFX文件转换到PEM文件.然后用TXT方式查看内容,操作步骤如下图: Op ...

  9. The encryption certificate of the relying party trust identified by thumbprint is not valid

    CRM2013部署完ADFS后通过url在浏览器中訪问測试是否成功,成功进入登陆界面但在登陆界面输入username和password后始终报身份验证失败,系统中的报错信息例如以下:Microsoft ...

随机推荐

  1. Atcoder grand 025 组合数学塔涂色 贪心走路博弈

    A 略 B 题意:给你N个数(3e5) 每个数可以是0,a,b,a+b(3e5) 但是总数加起来要是定值K(18e10) 问总方法数mod 998244353 解: 把a+b的看成是一个a加上一个b的 ...

  2. ui自动化之selenium操作(四)简单元素操作

    1. clear() clear()方法用于清除文本输入框内的内容:一般输入框中都有默认文字,如果不清空有可能会导致字符拼接: browser.find_element(By.ID,"use ...

  3. boost多线程编译出错

    添加 -lpthread CPLUS_INCLUDE_PATH=$CPLUS_INCLUDE_PATH:/tools/boost/includeexport CPLUS_INCLUDE_PATH LI ...

  4. C#基础知识之图解TCP IP》读书笔记

    一.网络基础知识 1. 计算机使用模式的演变 2.协议 协议就是计算机与计算机之间通过网络实现通信事先达成的一种“约定”.这种“约定”使那些由不同厂商的设备.不同的CPU以及不同的操作系统组成的计算机 ...

  5. mapper映射文件配置之select、resultMap(转载)

    原文地址:http://www.cnblogs.com/dongying/p/4073259.html 先看select的配置吧: <select         <!-- 1. id ( ...

  6. WPF选项卡页面分离之Page调用Window类

    此项目源码下载地址:https://github.com/lizhiqiang0204/WPF_PageCallWindow 如果Page与Window直接没有任何调用就用这种方法https://ww ...

  7. 一个web应用的诞生(4)

    上一章实现了登录的部分功能,之所以说是部分功能,是因为用户名和密码写成固定值肯定是不可以的,一个整体的功能,至少需要注册,登录,密码修改等,这就需要提供一个把这些值存储到数据库的能力. 当前的主流数据 ...

  8. SpringBoot+Rocketmq

    @PostConstruct:用于在依赖关系注入完成之后需要执行的方法上,以执行任何初始化.此方法必须在将类放入服务之前调用. @PreDestroy:在开发中我们如果要在关闭spring容器后释放一 ...

  9. 结合webpack实现children子路由,抽离路由模块

    demo结构 package.json.webpack.config.js.index.html与上一篇博客相同. main.js // 这是项目的入口js文件 // import $ from 'j ...

  10. luogu P2661 信息传递 x

    P2661 信息传递 题目描述 有n个同学(编号为1到n)正在玩一个信息传递的游戏.在游戏里每人都有一个固定的信息传递对象,其中,编号为i的同学的信息传递对象是编号为Ti同学. 游戏开始时,每人都只知 ...