Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
ContentIndex
  
[+] Expand All
[-] Collapse All

No index entries found.

https (Services User Identification)

Syntax

https (certificate local-certificate; certificate-key local-certificate-key;default-certificate;pki-local-certificate certificate-name;port port-number;)

Hierarchy Level

[edit services user-identification authentication-source name user-query web-server name connect-method]

Release Information

Statement introduced in Junos OS Release 12.3X48-D30.

Description

Configure HTTPS as the connection protocol used for the SRX Series connection to the ClearPass Policy Manager (CPPM) for user query requests. You identify the connection protocol as part of the configuration that identifies the CPPM webserver.

The integrated ClearPass authentication and enforcement user query function allows the SRX Series device to request from the CPPM user authentication and identity information for an individual when the SRX Series ClearPass authentication table does not contain that information.

The connect-method configuration is optional. If it is not configured, a default value of HTTPS is assumed.

Note: This configuration assumes that aruba-clearpass is specified as the authentication source.

Options

https

Specifies use of the encrypted HTTPS protocol. (Mutually exclusive with HTTP.)

default-certificate

Configures the Web API daemon (webapi) to use the default HTTPS certificate.

For security reasons, the HTTPS default-certificate key size 2048.

certificate filename

Configures the Web API daemon to use a specified, custom certificate file.

The Web API supports only the Privacy-Enhanced Mail (PEM) format for the custom certificate and certificate key configuration.

certificate-key local-certificate-key

Configures the Web API daemon service certificate key. This parameter is required if a custom service certificate file is configured.

pki-local-certificate pki-certificate

Configures the Web API daemon to use the local X.509 PKI certificate.

port port-number

Configures the HTTPS service port. The default port is 8443.

Range: 1 through 65535

Required Privilege Level

  • services—To view this statement in the configuration.
  • services-control—To add this statement to the configuration.

Modified: 2016-05-01