Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
ContentIndex
  
[+] Expand All
[-] Collapse All

No index entries found.

https (System Services)

Syntax

https (certificate local-certificate; certificate-key local-certificate-key;default-certificate;pki-local-certificate certificate-name;port port-number;)

Hierarchy Level

[edit system services webapi connect-method]

Release Information

Statement introduced in Junos OS Release 12.3X48-D30.

Description

Specify use of HTTPS as the communication protocol for the Web API function of the SRX Series integrated ClearPass authentication and enforcement feature. When you configure HTTPS, you specify the service certificate and certificate key. You can also specify the port to be used.

The Web API daemon, acting as an HTTPS server, allows the ClearPass Policy Manager (CPPM), acting as the client, to send POST request messages to it. The CPPM, which is the authentication source for this feature, sends to the SRX Series device user authentication and identity information.

Note: If you deploy HTTPS with a Web management application, you must ensure that they run on different service ports.

Options

https

Specifies use of the encrypted HTTPS protocol. (Mutually exclusive with HTTP.)

default-certificate

Configures the Web API daemon (webapi) to use the default HTTPS certificate.

For security reasons, the HTTPS default-certificate key size 2048.

certificate filename

Configures the Web API daemon to use the specified, custom certificate file.

For certificate and certificate key configuration, the Web API function supports only the Privacy-Enhanced Mail (PEM) format.

certificate-key local-certificate-key

Configures the Web API daemon service certificate key. This parameter is required if a custom service certificate file is configured.

pki-local-certificate pki-certificate

Configures the Web API daemon to use the local X.509 PKI certificate.

port port-number

Configures the HTTPS service port. The default port is 8443.

Range: 1 through 65,535.

Required Privilege Level

  • system—To view this statement in the configuration.
  • system-control—To add this statement to the configuration.

Modified: 2016-05-01