Purpose:
SSL/TLS certificate installation guide
For Juniper Secure Access VPN
Skip to Installation
NOTE:
As of November 12, 2024, Entrust introduced a new TLS certificate hierarchy as part of the deployment. The TLS certificate delivery now includes two certificate chains. The delivery of these certificate chains can be in the form of:
- Individual files. Intermediate 1 (filename: intermediate1.crt ) and Intermediate 2 (filename: intermediate2.crt ) or
- Concatenate PEM file (filename: CertificateBundle1.pem ) or
- P7B format file (filename: Certificatebundle.p7b )
Both intermediate/chain certificates must be installed in your environment.
Before you begin...
-
Never share private key files.
-
If you plan on using the same certificate on multiple servers always transfer the private key using a secure method ( e-mail is not considered a secure method of transfer ).
-
Make sure you run the SSL Server Test at the end of the installation process to check your certificate configuration against SSL/TLS Best Practices.
-
For more information on SSL/TLS Best Practices, click here .
Installing your Entrust SSL/TLS Certificate on Juniper Secure Access VPN
1. Click the
Download
button in the pickup wizard to download your certificate files. Clicking the download button will produce a zip file that includes your Server Certificate, the Entrust chain/intermediate certificates(s) and the Entrust Root certificate. Extract the files from the zip file.
2. In the Juniper administration console, click on
System > Configuration > Certificates > Trusted Server CAs.
3. Click
Import Trust Server CA.
4. Browse to
Root.crt
file that you extracted from the zip file in step 1 and click
Import Certificate.
5. A message should appear on the screen confirming that the certificate import was successful. Click
Done
to complete the root certificate import process.
6. In the next set of steps, you must install the chain/intermediate certificate files that were obtained in step 1. In the Juniper administration console, click on
System > Configuration > Certificates > Device Certificates.
7. Click the
Intermediate Device CAs
link at the top of the page.
8. Click
Import CA Certificate.
9. Browse to the Intermediate.crt file that you extracted from the zip file in Step 1.
NOTE: As of November 12, 2024, the intermediate certificate came with two files: intermediate1.crt and intermediate2.crt. These intermediate/chain certificates must be imported into your server/appliance.
10. A message should appear on the screen confirming that the certificate import was successful. Click
Done
11. You are now ready to install your signed SSL/TLS Server Certificate. In the Juniper administration console, click
System
>
Configuration
>
Certificates
>
Device
Certificates
.
13. Under
Certificate Signing Requests
, click the
Pending
CSR
link that corresponds to the signed certificate from Entrust.
14. Under
Import signed certificate
, browse to
ServerCertificate.crt
that was obtained in step 1 and click
Import
.
15. You should see a message confirming that the certificate has been imported successfully. The Server Certificate should appear in the list of Device Certificates. You may need to refresh the appliance for these changes to take effect.
If you have any questions or concerns please contact the
Entrust Certificate Services Support
department for further assistance:
Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE:
It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.
Country |
Number |
Australia |
0011 - 800-3687-7863
|
Austria |
00 - 800-3687-7863 |
Belgium |
00 - 800-3687-7863 |
Denmark |
00 - 800-3687-7863 |
Finland |
990 - 800-3687-7863 (Telecom Finland)
|
France |
00 - 800-3687-7863 |
Germany |
00 - 800-3687-7863 |
Hong Kong |
001 - 800-3687-7863 (Voice)
|
Ireland |
00 - 800-3687-7863 |
Israel |
014 - 800-3687-7863 |
Italy |
00 - 800-3687-7863 |
Japan |
001 - 800-3687-7863 (KDD)
|
Korea |
001 - 800-3687-7863 (Korea Telecom)
|
Malaysia |
00 - 800-3687-7863 |
Netherlands |
00 - 800-3687-7863 |
New Zealand |
00 - 800-3687-7863
|
Norway |
00 - 800-3687-7863 |
Singapore |
001 - 800-3687-7863 |
Spain |
00 - 800-3687-7863 |
Sweden |
00 - 800-3687-7863 (Telia)
|
Switzerland |
00 - 800-3687-7863 |
Taiwan |
00 - 800-3687-7863 |
United Kingdom |
00 - 800-3687-7863
|