
Netscreen SSL - what now?

Status
Not open for further replies.

airbourne

Sep 11, 2003
Ok, I have a lab setup with two Netscreen 5xt firewalls VPN Tunneled together using a preshared key. Now, I would like to use an SSL certificate, generated by the 5xt so that I can use SSL to manage the firewall from the UNTRUSTED interface.

I have created the SSL certificate, but I have no idea what to do next or how to use it. I have saved the file as well. When I do a search on Juniper's website, the only search results I get are about how great their large scale SSL appliances are. :p

Let me know if there is any additional info needed and I will post it.

Thanks!
 
Hi,

Depending on what version of code you are running, you can enable HTTPS for Management on your Untrust interface via the CLI or WebUI. Try the following:

set int untrust manage ssl
save

Once the change is made, you should be able to connect to your box using https://

Rgds,

John
 
I figured that was all I had to do, but the page never displays. I am running ScreenOS 4.0.3r3.0 and the certificate it created is PKCS10, which is not listed in IE6 as a valid certificate type.

I even went as far as to add the IP address (HTTPS of course) into my trusted sites in IE6, and still the page never displays. It never errors out either.

I have tried both the TRUSTED and UNTRUSTED interface to connect via SSL and nothing.

Just so I am clear, SSL is only used on the UNTRUSTED interface, correct?
 
Hi,

You can enable SSL Management on either Interface. However, the 4.x code is old and I don't think it's capable of self generating a certificate. If I recall, this was addressed in 5.x so that you could utilize a self signed cert. I would obtain new code and follow the upgrade path in the release notes. Normally, enabling SSH takes a few seconds. I think your issue is related to the firmware.

Rgds,

John
 