Juniper Networks MX304 and EX4100 with MACsec

Certificate #5118

Webpage information

Status active
Validation dates 09.01.2026
Sunset date 08-01-2031
Standard FIPS 140-3
Security level 1
Type Hardware
Embodiment Multi-Chip Stand Alone
Caveat When installed, initialized and configured as specified in Section 11.1 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.
Exceptions
  • Roles, services, and authentication: Level 2
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
Description Juniper Networks MX304 Universal Routing Platform is a cloud-era platform that cost effectively addresses the evolutionary edge and metro Ethernet needs of service providers, mobile operators, web-scale operators, and multiple-service operators (MSOs). The Juniper Networks EX4100 line of Ethernet Switches offers a secure, cloud-ready portfolio of access switches ideal for enterprise branch, campus, and data center networks.
Vendor Juniper Networks, Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.
Webpage

Security policy

Security target PDF TXT

Symmetric Algorithms
AES-128, AES-192, AES-256, AES, CAST, HMAC
Asymmetric Algorithms
RSA 2048, RSA 4096, ECDH, ECDSA, Diffie-Hellman, DH
Hash functions
SHA-1
Schemes
MAC, Key Exchange, Key Agreement
Protocols
SSH, SSHv2
Randomness
DRBG, RBG
Libraries
OpenSSL
Elliptic Curves
P-256, P-384, P-521
Block cipher modes
CBC, CTR, GCM

Trusted Execution Environments
PSP

Security level
Level 1, level 1

Standards
FIPS 140-3, FIPS PUB 140-3, FIPS186-4, FIPS 186-4, FIPS 198-1, FIPS186-5, FIPS 186-5, FIPS 180-4, SP 800-38A, SP 800-56A, SP 800-135, SP 800-38B, SP 800-38F, SP 800-108, SP 800-38D, SP 800-90A, SP 800-133, ISO/IEC 19790:2012, X.509

File metadata

Author Hawes, David J. (Fed)
Creation date D:20260107075405-05'00'
Modification date D:20260107075605-05'00'
Pages 35
Creator Microsoft® Word for Microsoft 365
Producer Microsoft® Word for Microsoft 365

Heuristics

Automated inference - use with caution

All attributes shown in this section (e.g., links between certificates, products, vendors, and known CVEs) are generated by automated heuristics and have not been reviewed by humans. These methods can produce false positives or false negatives and should not be treated as definitive without independent verification. For details on our data sources and inference methods, see our methodology. If you believe any information here is inaccurate or harmful, please submit feedback.

References

No references are available for this certificate.

Updates

  • The certificate data changed.
  • The certificate was first processed.

Raw data 

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 5118,
  "dgst": "555850e8f7f153d3",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": []
    },
    "cpe_matches": {
      "_type": "Set",
      "elements": [
        "cpe:2.3:h:juniper:ex4100-f:-:*:*:*:*:*:*:*",
        "cpe:2.3:h:juniper:mx304:-:*:*:*:*:*:*:*",
        "cpe:2.3:h:juniper:ex4100-h:-:*:*:*:*:*:*:*",
        "cpe:2.3:h:juniper:ex4100:-:*:*:*:*:*:*:*"
      ]
    },
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECDH": {
            "ECDH": 1
          },
          "ECDSA": {
            "ECDSA": 32
          }
        },
        "FF": {
          "DH": {
            "DH": 33,
            "Diffie-Hellman": 4
          }
        },
        "RSA": {
          "RSA 2048": 3,
          "RSA 4096": 3
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 1
        },
        "CTR": {
          "CTR": 1
        },
        "GCM": {
          "GCM": 2
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 6
        }
      },
      "crypto_protocol": {
        "SSH": {
          "SSH": 146,
          "SSHv2": 1
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 7
        },
        "KEX": {
          "Key Exchange": 1
        },
        "MAC": {
          "MAC": 17
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-256": 30,
          "P-384": 22,
          "P-521": 22
        }
      },
      "eval_facility": {},
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES 4550": 2,
          "AES CBC 128/192/256": 1,
          "AES-128": 1,
          "AES-192": 1,
          "AES-256": 1,
          "DRBG 256": 3,
          "HMAC-SHA-1": 18,
          "RSA 2048": 3,
          "RSA 4096": 3,
          "SHA-1": 5,
          "SHA2- 256": 4,
          "SHA2- 384": 1,
          "SHA2- 512": 3,
          "SHA2-256": 15,
          "SHA2-384": 7,
          "SHA2-512": 10
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 4,
          "level 1": 2
        }
      },
      "hash_function": {
        "SHA": {
          "SHA1": {
            "SHA-1": 5
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 54
        },
        "RNG": {
          "RBG": 2
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 45,
          "FIPS 180-4": 10,
          "FIPS 186-4": 6,
          "FIPS 186-5": 5,
          "FIPS 198-1": 6,
          "FIPS PUB 140-3": 1,
          "FIPS186-4": 14,
          "FIPS186-5": 10
        },
        "ISO": {
          "ISO/IEC 19790:2012": 1
        },
        "NIST": {
          "SP 800-108": 1,
          "SP 800-133": 1,
          "SP 800-135": 1,
          "SP 800-38A": 3,
          "SP 800-38B": 1,
          "SP 800-38D": 3,
          "SP 800-38F": 1,
          "SP 800-56A": 2,
          "SP 800-90A": 1
        },
        "X509": {
          "X.509": 2
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 8,
            "AES-128": 1,
            "AES-192": 1,
            "AES-256": 1
          },
          "CAST": {
            "CAST": 58
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 42
          }
        }
      },
      "tee_name": {
        "AMD": {
          "PSP": 8
        }
      },
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Hawes, David J. (Fed)",
      "/CreationDate": "D:20260107075405-05\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/MSIP_Label_4dd2c6e0-f1e3-4cf2-bd0b-256ab4cff3af_ActionId": "b984d62a-5f01-4b5a-b7e4-a075607ff75a",
      "/MSIP_Label_4dd2c6e0-f1e3-4cf2-bd0b-256ab4cff3af_ContentBits": "1",
      "/MSIP_Label_4dd2c6e0-f1e3-4cf2-bd0b-256ab4cff3af_Enabled": "true",
      "/MSIP_Label_4dd2c6e0-f1e3-4cf2-bd0b-256ab4cff3af_Method": "Privileged",
      "/MSIP_Label_4dd2c6e0-f1e3-4cf2-bd0b-256ab4cff3af_Name": "UNCLASSIFIED",
      "/MSIP_Label_4dd2c6e0-f1e3-4cf2-bd0b-256ab4cff3af_SetDate": "2026-01-07T12:35:04Z",
      "/MSIP_Label_4dd2c6e0-f1e3-4cf2-bd0b-256ab4cff3af_SiteId": "da9cbe40-ec1e-4997-afb3-17d87574571a",
      "/MSIP_Label_4dd2c6e0-f1e3-4cf2-bd0b-256ab4cff3af_Tag": "10, 0, 1, 1",
      "/ModDate": "D:20260107075605-05\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "pdf_file_size_bytes": 2376085,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "http://www.teronlabs.com/",
          "https://csrc.nist.gov/projects/cryptographic-module-validation-program/entropy-validations/certificate/103",
          "https://csrc.nist.gov/projects/cryptographic-module-validation-program/entropy-validations/certificate/104"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 35
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_json_hash": null,
    "policy_pdf_hash": "c3ff416b75cd017e9fac028340166986a27ff3a7da308637f83c188377906f72",
    "policy_txt_hash": "98b4618985bcc87086a9c51cdbe13d1d6fa47427aabe29f4b1b0a1df49ffea2b"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When installed, initialized and configured as specified in Section 11.1 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.",
    "certificate_pdf_url": null,
    "date_sunset": "2031-01-08",
    "description": "Juniper Networks MX304 Universal Routing Platform is a cloud-era platform that cost effectively addresses the evolutionary edge and metro Ethernet needs of service providers, mobile operators, web-scale operators, and multiple-service operators (MSOs). The Juniper Networks EX4100 line of Ethernet Switches offers a secure, cloud-ready portfolio of access switches ideal for enterprise branch, campus, and data center networks.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Roles, services, and authentication: Level 2",
      "Non-invasive security: N/A",
      "Mitigation of other attacks: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Juniper Networks MX304 and EX4100 with MACsec",
    "module_type": "Hardware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": null,
    "tested_conf": null,
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2026-01-09",
        "lab": "Teron Labs",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Juniper Networks, Inc.",
    "vendor_url": "http://www.juniper.net"
  }
}