TechLibrary

Navigation Back up to About Overview

ContentIndex

[+] Expand All

[-] Collapse All

Junos OS Release 12.3X48 Feature Guide
- New Features in Junos OS Release 12.3X48-D30
  - Integrated ClearPass Authentication and Enforcement
    - Understanding SRX Series Integrated ClearPass Authentication and Its Component Functions
      - Understanding the SRX Series Integrated ClearPass Authentication and Enforcement Feature
        Why You Need to Protect Your Environment With the SRX Series Integrated ClearPass Authentication and Enforcement Feature
        How the SRX Series Integrated ClearPass Authentication and Enforcement Feature Can Protect Your Network Environment
      - SRX Series Supported Platforms for the Integrated ClearPass Authentication and Enforcement Feature
      - Understanding How ClearPass Initiates a Session and Communicates User Authentication Information to the SRX Series Device Using the Web API
        Web API
        ClearPass Authentication Table
        Using HTTPS or HTTP for the Connection Protocol Between ClearPass and the SRX Series Device
        Ensuring the Integrity of Data Sent from ClearPass to the SRX Series Device
        Data Size Restrictions and Other Constraints
        Posture States and the Posture Group
      - Understanding Enforcement of ClearPass User and Group Authentication on the SRX Series Devices
        Understanding How the SRX Series Device Manages the ClearPass Authentication Table
        User Authentication Entries in the ClearPass Authentication Table
        Communication Between ClearPass and the SRX Series Device
        Understanding Domains and Interested Groups
        When a User Has Already Been Authenticated By Another Source
      - Understanding the Integrated ClearPass Authentication and Enforcement User Query Function
      - Understanding How the Integrated ClearPass Feature Detects Threats and Attacks and Notifies the CPPM
      - SRX Series Threat and Attack Logs Sent to Aruba ClearPass
    - Integrated ClearPass Authentication and Enforcement Examples
    - Integrated ClearPass Authentication and Enforcement CLI Configuration Statements
    - Integrated ClearPass Authentication and Enforcement CLI Operational Commands
- New Features in Junos OS Release 12.3X48-D20
- New Features in Junos OS Release 12.3X48-D15
- Requesting Technical Support
- Revision History

No index entries found.

Download This Guide

Download this guide: Junos OS Release 12.3X48 Feature Guide

https (System Services)

Syntax

https (certificate local-certificate; certificate-key local-certificate-key;default-certificate;pki-local-certificate certificate-name;port port-number;)

Hierarchy Level

[edit system services webapi connect-method]

Release Information

Statement introduced in Junos OS Release 12.3X48-D30.

Description

Specify use of HTTPS as the communication protocol for the Web API function of the SRX Series integrated ClearPass authentication and enforcement feature. When you configure HTTPS, you specify the service certificate and certificate key. You can also specify the port to be used.

The Web API daemon, acting as an HTTPS server, allows the ClearPass Policy Manager (CPPM), acting as the client, to send POST request messages to it. The CPPM, which is the authentication source for this feature, sends to the SRX Series device user authentication and identity information.

Note: If you deploy HTTPS with a Web management application, you must ensure that they run on different service ports.

Options

https

—

Specifies use of the encrypted HTTPS protocol. (Mutually exclusive with HTTP.)

default-certificate

—

Configures the Web API daemon (webapi) to use the default HTTPS certificate.

For security reasons, the HTTPS default-certificate key size 2048.

certificate filename

—

Configures the Web API daemon to use the specified, custom certificate file.

For certificate and certificate key configuration, the Web API function supports only the Privacy-Enhanced Mail (PEM) format.

certificate-key local-certificate-key

—

Configures the Web API daemon service certificate key. This parameter is required if a custom service certificate file is configured.

pki-local-certificate pki-certificate

—

Configures the Web API daemon to use the local X.509 PKI certificate.

port port-number

—

Configures the HTTPS service port. The default port is 8443.

Range: 1 through 65,535.

Required Privilege Level

system—To view this statement in the configuration.
system-control—To add this statement to the configuration.