asp.net pdf reader : Can pdf files be compressed software control project winforms web page .net UWP j-sa-sslvpn-7.1-adminguide76-part799

CHAPTER29
Certificates
AboutUsingCertificatesontheSASeriesApplianceonpage726
UsingDeviceCertificatesonpage727
ImportingCertificatesIntotheSASeriesApplianceonpage728
DownloadingaDeviceCertificateFromtheSASeriesApplianceonpage730
CreatingaCertificateSigningRequest(CSR)foraNewCertificateonpage731
UsingIntermediateServerCACertificatesonpage732
ImportingIntermediateServerCACertificatesonpage733
UsingMultipleSASeriesDeviceCertificatesonpage733
AssociatingDifferentCertificateswithDifferentVirtualPortsonpage734
UsingaTrustedClientCAonpage735
AutomaticallyImportingaCACertificateonpage737
ManuallyUploadingCACertificatesonpage739
SpecifyingAttributesfortheTrustedClientCACertificateonpage741
SpecifyingClient-sideCertificateRestrictionsonpage743
EnablingClientCAHierarchiesonpage744
EnablingCRLsonpage745
SendingCRLDownloadRequeststoaProxyServeronpage747
SpecifyingCDPOptionsonpage748
EnablingOCSPonpage750
UsingTrustedServerCAsonpage751
UploadingTrustedServerCACertificatesonpage752
RenewingaTrustedServerCACertificateonpage753
ViewingTrustedServerCACertificateDetailsonpage753
UsingCode-signingCertificatesonpage754
TaskSummary:ConfiguringtheSASeriesAppliancetoSignorRe-SignJava
Appletsonpage756
ImportingaCode-SigningCertificateonpage756
AboutTwo-WaySSLAuthenticationonpage757
725
Copyright©2012,JuniperNetworks,Inc.
Can pdf files be compressed - Compress reduce PDF size in C#.net, ASP.NET, MVC, Ajax, WinForms, WPF
C# Code & .NET API to Compress & Decompress PDF Document
change font size in pdf form field; advanced pdf compressor online
Can pdf files be compressed - VB.NET PDF File Compress Library: Compress reduce PDF size in vb.net, ASP.NET, MVC, Ajax, WinForms, WPF
VB.NET PDF Document Compression and Decompression Control SDK
advanced pdf compressor; change file size of pdf
TaskSummary:ConfiguringtheSASeriesApplianceforTwo-WaySSL
Authenticationonpage758
ImportingtheCertificatesforTwo-WaySSLHandshakeonpage758
MappingResourcePoliciestotheCertificateonpage759
MappinganClientAuthenticationAuto-Policyonpage760
ClientCertificateValidationontheExternalandVirtualPortsonpage760
TaskSummary:ConfiguringforClientCertificateValidationonpage761
SelectingthePortsForClientCertificationValidationonpage761
AboutUsingCertificatesontheSASeriesAppliance
AnSASeriesApplianceusesPublicKeyInfrastructure(PKI)tosecurethedatathatit
sendstoclientsovertheInternet.PKIisasecuritymethodthatusespublicandprivate
keystoencryptanddecryptinformation.Thesekeysareenabledandstoredthrough
digitalcertificates.Adigitalcertificateisanencryptedelectronicfileissuedthatestablishes
aWebserver’soruser’scredentialsforclient-servertransactions.
Inpublickeycryptography,apublic-privatekeypairisusedtoencryptanddecryptdata.
Dataencryptedwithapublickey,whichtheownermakesavailabletothepublic,canbe
decryptedwiththecorrespondingprivatekeyonly,whichtheownerkeepssecretand
protected.
Forexample,ifAlicewantstosendBobanencryptedmessage,Alicecanencryptitwith
Bob'spublickeyandsendittohim.Bobthendecryptsthemessagewithhisprivatekey.
Thereverseprocessisalsouseful:encryptingdatawithaprivatekeyanddecryptingit
withthecorrespondingpublickey.Thisprocessisknownascreatingadigitalsignature.
Forexample,ifAlicewantstopresentheridentityasthesenderofamessage,shecan
encryptthemessagewithherprivatekeyandsendthemessagetoBob.Bobthendecrypts
themessagewithAlice'spublickey,thusverifyingthatAliceisindeedthesender.
AnSASeriesApplianceusesthefollowingtypesofdigitalcertificatestoestablish
credentialsandsecureSASeriesAppliancesessiontransactions:
Devicecertificates—Adevicecertificatehelpstosecurenetworktraffictoandfrom
anSASeriesApplianceusingelementssuchasyourcompanyname,acopyofyour
company’spublickey,thedigitalsignatureofthecertificateauthority(CA)whoissued
thecertificate,aserialnumber,andexpirationdate.
TrustedclientCAs—AtrustedclientCAisaclient-sidecertificateissuedbyacertificate
authority(CA)thatallowsyoutocontrolaccesstorealms,roles,andresourcepolicies
basedoncertificatesorcertificateattributes.Forexample,youmayspecifythatusers
mustpresentavalidclient-sidecertificatewiththeOUattributesetto
“yourcompany.com”inordertosignintothe“Users”authenticationrealm.
TrustedserverCAs—AtrustedserverCAisthecertificateofaWebserverthatyou
trust.IfyouhaveaWebbrowsinglicense,youmayinstallatrustedserverCAonthe
Copyright©2012,JuniperNetworks,Inc.
726
JunosPulseSecureAccessServiceAdministrationGuide
VB.NET PDF Convert to Tiff SDK: Convert PDF to tiff images in vb.
Create multipage Tiff image files from PDF in VB.NET When converting PDF document to TIFF image using VB for Tagged Image File Format which can be compressed
acrobat compress pdf; change font size in pdf text box
VB.NET Image: RasterEdge JBIG2 Codec Image Control for VB.NET
compressed bitonal images into PDF files and decompress images from PDF files quickly with the smallest quality loss. The encoded images in PDF file can also
pdf file size limit; pdf compress
SASeriesApplianceinordertovalidatethecredentialsoftheWebsitesthatusers
accessthroughtheSASeriesAppliance.
Code-signingcertificates—Acode-signingcertificate(alsocalledanappletcertificate)
isatypeofserver-sidecertificatethatre-signsJavaappletsintermediatedbytheSA
SeriesAppliance.Youmayusetheself-signedcode-signingcertificatethatcomes
pre-loadedonanSASeriesAppliance,oryoumayinstallyourowncode-signing
certificate.
InabasicSASeriessetup,theonlyrequiredcertificatesareadevicecertificateanda
code-signingcertificate.TheSASeriesAppliancecanuseasinglecode-signingcertificate
toresignallJavaappletsandasingledevicecertificatetointermediateallotherPKI-based
interactions.Ifthebasiccertificatesdonotmeetyourneeds,however,youmayinstall
multipledeviceandappletcertificatesonanSASeriesApplianceorusetrustedCA
certificatestovalidateusers.
NOTE:
TheSASeriesAppliancecanverifycertificatesthatuseSHA2asthe
messagedigest.
DSAcertificatesarecurrentlynotsupported.
CertificatemanagementfeaturesareanintegralpartoftheSASeriesmanagement
framework—AllSASeriesproductsincludesomecertificatemanagementfeatures.If
youareanSA700Seriesadministrator,however,notethattrustedserverCAand
code-signingcertificateadministrationfeaturesareonlyavailableifyouhaveaCore
ClientlessAccessupgradelicense.
Related
Documentation
UsingDeviceCertificatesonpage727
UsingaTrustedClientCAonpage735
UsingTrustedServerCAsonpage751
UsingDeviceCertificates
AdevicecertificatehelpstosecurenetworktraffictoandfromanSASeriesAppliance
usingelementssuchasyourcompanyname,acopyofyourcompany’spublickey,the
digitalsignatureofthecertificateauthority(CA)whoissuedthecertificate,aserial
number,andexpirationdate.
WhenreceivingencrypteddatafromanSASeriesAppliance,theclient’sbrowserfirst
checkswhethertheSASeriesAppliance’scertificateisvalidandwhethertheusertrusts
theCAthatissuedtheSASeriesAppliance’scertificate.Iftheuserhasnotalready
indicatedthattheytrusttheSASeriesAppliance’scertificateissuer,theWebbrowser
promptstheusertoacceptorinstalltheSASeriesAppliance’scertificate.
WhenyouinitializeanSASeriesAppliance,itcreatesatemporaryself-signeddigital
certificatelocallythatenablesuserstoimmediatelybeginusingyourSASeriesAppliance.
Notethattheencryptionfortheself-signedcertificatecreatedduringinitializationis
727
Copyright©2012,JuniperNetworks,Inc.
Chapter29:Certificates
VB.NET TIFF: How to Convert TIFF to PDF in a VB.NET Doc Imaging
A TIFF file can be compressed with several methods, but this If you want to restore the file with a smallest possible size, you should choose TIFF over PDF.
apple compress pdf; pdf change page size
C# Word: How to Compress, Decompress Word in C#.NET Projects
you can save both the original and compressed files to your in your VS program, you can simply copy controls, PDF document, image to pdf files and components
can pdf files be compressed; change font size pdf fillable form
perfectlysafe,butusersarepromptedwithasecurityalerteachtimetheysignintoan
SASeriesAppliancebecausethecertificateisnotissuedbyatrustedcertificateauthority
(CA).Forproductionpurposes,werecommendthatyouobtainadigitalcertificatefrom
atrustedCA.
TheSASeriesAppliancesupportsX.509devicecertificatesinDERandPEMencode
formats(fileextensionsinclude.cer,.crt,.der,and.pem)aswellasPKCS#12(file
extensionsinclude.pfxand.p12).TheSASeriesAppliancealsosupportsusingthe
followingadditionalfeatureswithdevicecertificates:
IntermediatedeviceCAcertificates—Withinacertificatehierarchy,oneormore
intermediatecertificatesarebranchedoffofasinglerootcertificate.
Multipledevicecertificates—Whenusingmultipledevicecertificates,eachcertificate
handlesvalidationforaseparatehostnameorfully-qualifieddomainname(FQDN)
andmaybeissuedbyadifferentCA.
NOTE: YoucannotassigndevicecertificatestotheVLANinterfacesofan
SASeriesAppliance.
Related
Documentation
AboutUsingCertificatesonSecureAccessServiceonpage726
ImportingCertificatesIntotheSecureAccessServiceonpage728
DownloadingaDeviceCertificateFromtheSecureAccessServiceonpage730
UsingMultipleSecureAccessServiceCertificatesonpage733
ImportingCertificatesIntotheSASeriesAppliance
ImportinganExistingRootCertificateandPrivateKey
YoucancreateWebservercertificatesfromserverssuchasApache,IIS,SunONE
(formerlyiPlanet),orNetscape,andthenimportthecertificateintotheSASeries
Appliance.Toexportadigitalservercertificateandkey,pleasefollowyourWebserver's
instructionsforexportingcertificates.Then,usetheDeviceCertificatestabtoimport
thesefiles.
NOTE: WhenexportingacertificatefromanotherWebserver,notethatit
mustbeencryptedandyoumustexportthepasswordwiththecertificate.
YoucannotimportaWebservercertificate’sprivatekeyintoanSASeries
FIPSAppliance,sincethekeyiscreatedinanon-FIPScompliantenvironment.
Youmay,however,importacertificatekeyfromanotherSASeriesAppliance
alongwithitssecurityworld.
Copyright©2012,JuniperNetworks,Inc.
728
JunosPulseSecureAccessServiceAdministrationGuide
C# Image: How to Encode & Decode JPEG 2000 Images Using C#.NET JP2
image file format for JPEG 2000 compressed data) adopts an image codec SDK has provided can also help controls, PDF document, image to pdf files and components
change page size pdf; 300 dpi pdf file size
VB.NET Image: JPEG 2000 Codec for Image Encoding and Decoding in
Integrate PDF, Tiff, Word compression add-on with JPEG 2000 VB.NET, our VB.NET JPEG 2000 codec can get a high quality lossy image with smaller files for you.
best pdf compressor; optimize scanned pdf
Toimportanexistingrootservercertificateandprivatekey:
1.
Intheadminconsole,selectSystem>Configuration>Certificates>Device
Certificates.
2.
ClickImportCertificate&Key.
NOTE: ThisoptionisnotavailableonFIPSplatformsasimportingprivate
keysisnotsupported.OnaFIPSsystem,youcanonlycreateaCSRand
thenimportasignedcertificatefromtheCSR.
[Warning:elementunresolvedinstylesheets:<change>(in<para>).This
isprobablyanewelementthatisnotyetsupportedinthestylesheets.]
OntheFIPSdevice,youmustusetheConfiguration>Certificates>New
CSRbuttontocreateaCSR.YoupasstheCSRrequesttoanexternalCA,
andthenimportthegeneratedcertificatefileintothePendingCertificate
SigningRequestpage.
TheConfiguration>Certificates>DeviceCertificate>ImportCertificate
andKeybuttonisdisabledontheFIPSdevice.
3.
Selecttheappropriateformtoimportthecertificate:
Ifthecertificateandkeyarecontainedinonefile,usetheIfcertificatefileincludes
privatekeyform.
Ifthecertificateandkeyareseparatefiles,usetheIfcertificateandprivatekeyare
separatefilesform.
Ifthecertificateandkeyarecontainedinasystemconfigurationfile,usetheImport
viaSystemConfigurationfileform.Whenyouchoosethisoption,theSASeries
Applianceimportsallofthecertificatesspecifiedintheconfigurationfileintothe
DeviceCertificatespage(includingprivatekeysandpendingCSRs,butnotthe
correspondingportmappings).
4.
Intheappropriateform,browsetothecertificateandkeyfile.Ifthefileisencrypted,
enterthepasswordkey.
5.
ClickImport.
ImportingaRenewedCertificateThatUsestheExistingPrivateKey
Youcanrenewadevicecertificateintwoways:
SubmitanewCSRtoaCA—Thisprocessofrenewingacertificateismoresecure,
becausetheCAgeneratesanewcertificateandprivatekey,retiringtheolderprivate
key.Tousethisrenewalmethod,youmustfirstcreateaCSRthroughtheadminconsole.
NOTE: YoucannotimportaWebservercertificate’sprivatekeyintoanSA
FIPSSeriesAppliance,sincethekeyiscreatedinanon-FIPScompliant
environment.
729
Copyright©2012,JuniperNetworks,Inc.
Chapter29:Certificates
JPEG to PDF Converter | Convert JPEG to PDF, Convert PDF to JPEG
JPEG to PDF Converter can be used on Windows 95 converter to convert images of JPG, JPEG formats to PDF files; a batch conversion of JPG to PDF with amazingly
change paper size pdf; change page size of pdf document
VB.NET Image: Free VB.NET Guide to Convert Image to Byte Array
If necessary, you can also use this VB.NET Image Conversion to provide powerful & profession imaging controls, PDF document, tiff files and components
change file size of pdf; change font size in fillable pdf
RequestrenewalbasedontheCSRpreviouslysubmittedtotheCA—Thisprocess
ofrenewingacertificateislesssecure,becausetheCAgeneratesacertificatethat
usestheexistingprivatekey.
Whenorderingarenewedcertificate,youmustresubmityouroriginalCSRorensurethat
theCAhasarecordoftheCSRthatyousubmittedforyourcurrentcertificate.
Toimportareneweddevicecertificatethatusestheexistingprivatekey:
1.
FollowyourCA’sinstructionsforrenewingacertificatethatyoupreviouslypurchased
throughthem.
NOTE: Ensureyouspecifythesameinformationyouusedintheoriginal
CSR.YourCAusesthisinformationtocreateanewcertificatethat
correspondstotheexistingkey.
EventhoughyouspecifythesameinformationusedintheoriginalCSR,
yourrootCAmayhavedifferentserialnumbersandkeysfromtheoriginal.
Youmayneedtosupportbothnewclientandoldclientcertificatesduring
thetransitionperiod,whichmeansthatyouwillneedtomaintaintwo
rootCAcertificates(yourexistingcertandtherenewedcert),atleast
temporarily
2.
Intheadminconsole,selectSystem>Configuration>Certificates>Device
Certificates.
3.
Ifyouwanttorenewanintermediatecertificate,clicktheIntermediateDeviceCAs
linkatthetopofthepage.
4.
Clickthelinkthatcorrespondstothecertificatethatyouwanttorenew.
5.
ClickRenewCertificate.
6.
IntheRenewtheCertificateform,browsetotherenewedcertificatefile,enterthe
passwordforthecertificatekey,andclickImport.
Related
Documentation
UsingMultipleSecureAccessServiceCertificatesonpage733
CreatingaCertificateSigningRequest(CSR)foraNewCertificateonpage731
DownloadingaDeviceCertificateFromtheSecureAccessServiceonpage730
AboutUsingCertificatesonSecureAccessServiceonpage726
DownloadingaDeviceCertificateFromtheSASeriesAppliance
IfyoucreateaSAMLresourcepolicy,forexample,youmustcreateatrustrelationship
betweentheSASeriesApplianceandyouraccessmanagementsystem.(Trust
relationshipsensurethatSAML-enabledsystemsareonlypassinginformationtoand
fromtrustedsources.)IfyouchoosetocreateaSAMLSSOresourcepolicyusingaPOST
profile,partofcreatingatrustrelationshipinvolvesinstallingtheSASeriesAppliance’s
Copyright©2012,JuniperNetworks,Inc.
730
JunosPulseSecureAccessServiceAdministrationGuide
VB.NET PowerPoint: How to Convert PowerPoint Document to TIFF in
TIFF files can be compressed to reduce the file size by using LZW compression and can be converted document formats, such as JPEG, GIF and PDF, by using
acrobat compress pdf; pdf compression settings
C# PowerPoint: Convert PowerPoint (Slide) to Raster Image
can not only convert PowerPoint to PDF document file also render PowerPoint to various raster image files, like png file that needs to be converted can be loaded
batch reduce pdf file size; pdf optimized format
devicecertificateontheaccessmanagementsystem.TheDeviceCertificatespage
enablesyoutoeasilydownloadtheSASeriesAppliance’scertificatesoyoucaninstall
itonyouraccessmanagementsystem.
TodownloadadevicecertificatefromtheSASeriesAppliance:
1.
Intheadminconsole,chooseSystem>Configuration>Certificates>Device
Certificates.
2.
Clickthelinkthatcorrespondstothecertificatethatyouwanttosave.
3.
ClickDownload.
4.
BrowsetothelocationwhereyouwanttosavethecertificateandclickSave.
Related
Documentation
AboutUsingCertificatesonSecureAccessServiceonpage726
ImportingCertificatesIntotheSecureAccessServiceonpage728
CreatingaCertificateSigningRequest(CSR)foraNewCertificateonpage731
UsingMultipleSecureAccessServiceCertificatesonpage733
CreatingaCertificateSigningRequest(CSR)foraNewCertificate
IfyourcompanydoesnotownadigitalcertificateforitsWebservers,orifyouarerunning
anSASeriesFIPSAppliance,youcancreateaCSR(certificatesigningrequest)through
theadminconsoleandthensendtherequesttoaCAforprocessing.Whenyoucreatea
CSRthroughtheadminconsole,aprivatekeyiscreatedlocallythatcorrespondstothe
CSR.IfyoudeletetheCSRatanypoint,thisfileisdeleted,too,prohibitingyoufrom
installingasignedcertificategeneratedfromtheCSR.
NOTE: DonotsendmorethanoneCSRtoaCAatonetime.Doingsomay
resultinduplicatecharges.Youmayviewdetailsofanypendingrequests
thatyoupreviouslysubmittedbyclickingtheCertificateSigningRequest
DetailslinkintheDeviceCertificatestab.
Tocreateacertificatesigningrequest:
1.
Intheadminconsole,chooseSystem>Configuration>Certificates>Device
Certificates.
2.
ClickNewCSR.
3.
EntertherequiredinformationandclickCreateCSR.
4.
Followtheinstructionson-screen,whichexplainwhatinformationtosendtotheCA
andhowtosendit.
5.
WhenyoureceivethesignedcertificatefromtheCA,importthecertificatefileusing
theinstructionsthatfollow.
731
Copyright©2012,JuniperNetworks,Inc.
Chapter29:Certificates
NOTE: WhensubmittingaCSRtoaCAauthority,youmaybeaskedtospecify
eitherthetypeofWebserveronwhichthecertificatewascreatedorthetype
ofWebserverthecertificateisfor.Selectapache(ifmorethanoneoption
withapacheisavailable,chooseany).Also,ifpromptedforthecertificate
formattodownload,selectthestandardformat.
ImportingaSignedCertificateCreatedFromaCSR
ToimportasigneddevicecertificatecreatedfromaCSR:
1.
Intheadminconsole,chooseSystem>Configuration>Certificates>Device
Certificates.
2.
UnderCertificateSigningRequests,clickthePendingCSRlinkthatcorrespondsto
thesignedcertificate.
3.
UnderImportsignedcertificate,browsetothecertificatefileyoureceivedfromthe
CAandthenclickImport.
Related
Documentation
AboutUsingCertificatesonSecureAccessServiceonpage726
UsingIntermediateServerCACertificatesonpage732
UsingIntermediateServerCACertificates
Withinacertificatehierarchy,oneormoreintermediatecertificatesarebranchedoffof
asinglerootcertificate.Therootcertificateisissuedbyarootcertificateauthority(CA)
andisself-signed.Eachintermediatecertificatesisissuedbythecertificateaboveitin
thechain.
Ifyouaresecuringtrafficusingchainedcertificates,youmustensurethattheSASeries
ApplianceandWebbrowsertogethercontaintheentirecertificatechain.Forexample,
youmaychoosetosecuretrafficusingachainthatstemsfromaVerisignrootcertificate.
Assumingyourusers’browserscomepre-loadedwithVerisignrootcertificates,youonly
needtoinstallthelower-levelcertificatesinthechainontheSASeriesAppliance.Then,
whenyourusersbrowsetotheSASeriesAppliance,theSASeriesAppliancepresents
anyrequiredcertificateswithinthechaintothebrowserinordertosecurethetransaction.
(TheSASeriesAppliancecreatestheproperlinksinthechainusingtherootcertificate’s
IssuerDN.)IftheSASeriesApplianceandbrowsertogetherdonotcontaintheentire
chain,theuser’sbrowserwillnotrecognizeortrusttheSASeriesAppliance’sdevice
certificatesinceitisissuedbyanothercertificateinsteadofatrustedCA.
WheninstallingcertificatesthroughtheSASeriesAppliance,youmayinstallcertificates
inanyorder.TheSASeriesAppliancesupportsuploadingoneormoreintermediateCAs
inaPEMfile.
Related
Documentation
ImportingIntermediateServerCACertificatesonpage733
EnablingClientCAHierarchiesonpage744
Copyright©2012,JuniperNetworks,Inc.
732
JunosPulseSecureAccessServiceAdministrationGuide
ImportingIntermediateServerCACertificates
Toimportanintermediatedevicecertificateandprivatekey:
1.
Intheadminconsole,chooseSystem>Configuration>Certificates>Device
Certificates.
2.
ClicktheIntermediateDeviceCAslinkatthetopofthepage.
3.
ClickImportCAcertificate.
4.
BrowsetotheCAcertificatethatyouwanttouploadtotheSASeriesApplianceand
clickImportCertificate.
Related
Documentation
EnablingClientCAHierarchiesonpage744
UsingIntermediateServerCACertificatesonpage732
UsingMultipleSASeriesDeviceCertificates
WhenusingmultipleSASeriesAppliancedevicecertificates,eachcertificatehandles
validationforaseparatehostnameorfullyqualifieddomainname(FQDN)andmaybe
issuedbyadifferentCA.Youcanusemultiplerootcertificatesinconjunctionwithmultiple
sign-inURLs.Withthemultiplesign-inURLsfeature,youcanprovideaccesstotheSA
SeriesAppliancefrommultiplehostnamesbycreatingadifferentsign-inURLforeach
hostnameorFQDN.Then,youcancreateseparatesign-inpagesandauthentication
requirementsforeachsign-inURL.Withthemultipledevicecertificatesfeature,youcan
usedifferentcertificatestovalidateuserssigningintoeachofthosehostnamesorFQDNs.
Forexample,youcanassociateonecertificatewiththepartners.yourcompany.comsite
andanotherwiththeemployees.yourcompany.comsite.
Tasksummary:EnablingMultipleDeviceCertificates
Toenablemultipledevicecertificates,youmust:
1.
SpecifytheIPaddressesfromwhichusersmayaccesstheInfranetControllerand
thencreateavirtualportforeach.AvirtualportactivatesanIPaliasonaphysical
port.Tocreatevirtualportsfor:
Internalusers—UsesettingsintheSystem>Network>InternalPort>VirtualPorts
tabtocreatevirtualportsforuserssuchasemployeeswhoaresigningintotheSA
SeriesAppliancefrominsideyourinternalnetwork.
Externalusers—UsesettingsintheSystem>Network>Port1>VirtualPortstab
tocreatevirtualportsforuserssuchascustomersandpartnerswhoaresigning
intotheSASeriesAppliancefromoutsideofyourinternalnetwork.
2.
UploadyourdevicecertificatestotheInfranetController.Youcanimportcertificates
fromtheSystem>Configuration>Certificates>DeviceCertificatespageoftheadmin
consoleortheMaintenance>Import/Export>SystemConfigurationpageofthe
733
Copyright©2012,JuniperNetworks,Inc.
Chapter29:Certificates
adminconsole.Uploadonedevicecertificateforeachdomain(hostname)thatyou
wanttohostontheInfranetController.
3.
SpecifywhichvirtualportstheSASeriesApplianceshouldassociatewiththe
certificatesusingsettingsintheSystem>Configuration>Certificates>Device
Certificatestab.WhenausertriestosignintotheSASeriesApplianceusingtheIP
addressdefinedinavirtualport,theSASeriesApplianceusesthecertificateassociated
withthevirtualporttoinitiatetheSSLtransaction.
AssociatingaCertificateWithaVirtualPort
IfyouchoosetoassociatemultiplehostnameswithasingleSASeriesAppliance,you
mustspecifywhichcertificatestheSASeriesApplianceshouldusetovalidateusers
signingintothedifferenthostnames.Optionsinclude:
Associateallhostnameswithasinglewildcardcertificate—Withthismethod,you
useasinglewildcardcertificatetovalidateallusers,regardlessofwhichhostname
theyusetosignintotheSASeriesAppliance.Awildcardcertificateincludesavariable
elementinthedomainname,makingitpossibleforuserssigninginfrommultiplehosts
tomaptothe“same”domain.Forexample,ifyoucreateawildcardcertificatefor
*.yourcompany.com,theSASeriesApplianceusesthesamecertificatetoauthenticate
userswhosignintoemployees.yourcompany.comasitdoestoauthenticateuserswho
signintopartners.yourcompany.com.
Associateeachhostnamewithitsowncertificate—Withthismethod,youassociate
differenthostnameswithdifferentcertificates.SincetheSASeriesAppliancedoes
notknowthehostnamethattheend-userusestosignintotheSASeriesAppliance,
however,youmustcreateavirtualportforeachhostnameandthenassociateyour
certificateswiththevirtualports.AvirtualportactivatesanIPaliasonaphysicalport.
Forexample,youmaychoosetocreatetwovirtualportsonasingleappliance,mapping
thefirstvirtualporttotheIPaddress10.10.10.1(sales.yourcompany.com)andthe
secondvirtualporttotheIPaddress10.10.10.2(partners.yourcompany.com).Then,
youcanassociateeachofthesevirtualportswithitsowncertificate,ensuringthatthe
InfranetControllerauthenticatesdifferentusersthroughdifferentcertificates.
Related
Documentation
ImportingCertificatesIntotheSecureAccessServiceonpage728
ConfiguringVirtualPortsonpage693
AssociatingDifferentCertificateswithDifferentVirtualPorts
Toassociatedifferentcertificateswithdifferentvirtualports:
1.
Intheadminconsole,navigatetotheSystem>Network>InternalPorttaborPort
1tab.Then,createyourvirtualportsusingsettingsintheVirtualPortspage.
2.
Importthedevicecertificatesthatyouwanttousetovalidateusercertificates.You
canimportcertificatesfromtheSystem>Configuration>Certificates>Device
CertificatespageoftheadminconsoleortheMaintenance>Import/Export>System
Configurationpageoftheadminconsole.
Copyright©2012,JuniperNetworks,Inc.
734
JunosPulseSecureAccessServiceAdministrationGuide
Documents you may be interested
Documents you may be interested