Reset Search
 

 

Article

KB11035 - How to generate and use a CSR in the SBR 6.x Admin GUI

« Go Back

Information

 
Last Modified Date7/31/2015 5:47 PM
Synopsis
Follow the directions below to use the Certificate Signing Request (CSR) facility in the SBR 6.x GUI in conjunction with a Microsoft Enterprise CA server.
Problem or Goal
Need to generate a server certificate for use with EAP-TTLS, EAP-PEAP or EAP-TLS.
Cause
Solution
How to generate and use a CSR in the SBR 6 Admin GUI
  1. Launch the SBR 6 Admin via the appropriate URL.
  2. Navigate to the Authentication Policies section and expand it. Select Certificates

  3. Click Create.
  4. Fill in the fields. Some fields are optional, but recommended. Password is required



    Currently the CSR fields have the following restrictions:
     
    • Password For Private Key Field is limited to 7 characters
    • Other fields "comma" is not allowed.


    Violation to the above restriction will cause an UNEXPECTED ERROR.
  5. Click OK. 
  6. You will be prompted to save the certificate request to a text file.

  7. Once the file is saved, you will see the dialog below.

  8. Click OK
  9. You will be prompted to save the keystore. This is the private key for the server certificate.

  10. Once you have done this, open the certificate request text file created in step 6.  Select ALL of the text (including the Begin and End lines and copy it to the clipboard.

  11. Next, navigate to your local certificate authority to submit the certificate request.
  12. In this example, we are using a Microsoft Windows 2003 Certificate Authority.  Click  Request a Certificate

  13. Click Advanced Certificate Request

  14. Click "Submit a certificate request by using… ".

  15. A form is displayed. Paste the contents of the certificate request text file created in step 6. On some CA implementations, you may have an option to select a certificate template. Choose either Web Server or Server Authentication

  16. Click Submit.
  17. Depending on how your CA is setup, you may need the CA Administrator to manually issue your certificate by logging into the Certificate Authority console. The CA can also be configured to automatically issue the certificate. Either way, once the certificate has been issued, navigate back to the main page of the CA. Click  View the status of a pending certificate request

  18. Click on the certificate entry that corresponds to your request.

  19. Click  Download Certificate

  20. Click Save to save the certificate.



  21. Back in the SBR Admin tool, click Add.

  22. Select the certificate you saved in step 20.

  23. Once you click OK, you will be prompted for the private keystore file.
  24. Select the file we created back in step 9.

  25. Provide the password you entered from step 4.

  26. Click OK

  27. You are done. Your display should now be updated to reflect your new certificate.

  28. If you wish to backup the newly created certificate, it is located in C:\Program Files\Juniper Networks\Steel-Belted Radius\Service\ROOT (default location).
Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255