Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2016-07-05 09:23:12.0

How do I create a CSR with 2048 key bit length on a Juniper device?

Article Number: 44802

Problem:

You do not have the option to create a 2048 bit length CSR from your Juniper managment interface.  This mostly affects Juniper systems 6.x - 6.4

Resolution:
There are 2 options

Option 1: Use OpenSSL command

Generate a key pair, and go to "Configuration -> Certificates -> Device Certificates -> Import Certificate and Key" and import the key file and certificate file (these are stored separately)
Use the CSR to submit your request to Entrust and when the certificate is signed and sent back, import the certificate and key as mentioned above.

An example of the OpenSSL command is:

openssl genrsa -des3 -out "C:\temp\private_key.key" 2048
openssl req -new -key "C:\temp\private_key.key" -out "C:\temp\Entrust.csr"

Option 2: Upgrade Juniper

Please see the "What’s New in Juniper Networks Secure Access (SA) SSL VPN Version 6.5"  or contact Juniper Support for further assistance.
http://www.juniper.net/techpubs/software/ive/6.x/releasenotes/6.5-whats_new.pdf

 

 


 

TN8557

Affected Products:

  • Entrust Certificate Services Advantage Certificates Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Extended Validation Certificate Units Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Wildcard Certificates Version Not Applicable Language Not Applicable Platform Not Applicable