Feeds

Hardwired crypto certificate FAIL bricks Juniper router kit

Is this the final nail in the dusty gear's coffin, wonder sysadmins

The Essential Guide to IT Transformation

Sysadmins with older Juniper Networks kit have been left scrambling to keep their networks running after a security certificate expiration bricked their boxen.

The issue has been keeping mailing lists like AusNOG and J-NSP busy as users tried to work out whether it was a deliberate strategy to force people off the EOL gear – and whether there's a workaround.

Users of EOL kit like J2300 and J4300 routers discovered that Juniper Networks used a hard-coded X.509 cryptographic certificate in the systems – and that cert, which is used to securely connect to Juniper to check the customer's software licence for the router is up to date, has now expired.

With an old operating system version installed as well (prior to JunOS 12.1), the router can't verify the identity of the Juniper systems as the SSL cert is now invalid. This means it ultimately treats the installed software as unlicensed, and stops working.

According to a Q&A posted to AusNOG by Eintelligo's Skeeve Stevens here, Juniper is aware of the issue. Users with a current Juniper Networks tech support login are advised to check the knowledge base for TSB16366 (login required).

While Juniper says new JunOS 11.4 releases “will have the relevant certificate added as part of the image”, it seems the oldest OS versions – such as 9.6 – have to be upgraded because they're EOL. ®

The Essential Guide to IT Transformation

More from The Register

next story
Sysadmin Day 2014: Quick, there's still time to get the beers in
He walked over the broken glass, killed the thugs... and er... reconnected the cables*
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
VMware builds product executables on 50 Mac Minis
And goes to the Genius Bar for support
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
Microsoft says 'weird things' can happen during Windows Server 2003 migrations
Fix coming for bug that makes Kerberos croak when you run two domain controllers
Cisco says network virtualisation won't pay off everywhere
Another sign of strain in the Borg/VMware relationship?
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.