
    Example: Configuring Secure Web Access

    This example shows how to configure secure Web access on your device.

    Requirements

    No special configuration beyond device initialization is required before configuring this feature.

    Note: You can enable HTTPS access on specified interfaces. If you enable HTTPS without specifying an interface, HTTPS is enabled on all interfaces.

    Overview

    In this example, you import the SSL certificate and private key that you have generated, in PEM format, as a local certificate named new. You then enable HTTPS access and specify the SSL certificate to be used for authentication. Finally, you specify 8443 as the port on which HTTPS access is enabled.

    Configuration

    CLI Quick Configuration

    To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

    set security certificates local new load-key-file /var/tmp/new.pem
    set system services web-management https local-certificate new port 8443

    Step-by-Step Procedure

    The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

    To configure secure Web access on your device:

    1. Import the SSL certificate and private key.
      [edit security]
      user@host# set certificates local new load-key-file /var/tmp/new.pem
    2. Enable HTTPS access and specify the SSL certificate and port.
      [edit system]
      user@host# set services web-management https local-certificate new port 8443

    Results

    From configuration mode, confirm your configuration by entering the show security command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

    [edit]
    user@host# show security
    certificates {
        local {
            new {
                "-----BEGIN RSA PRIVATE KEY-----\nMIICXQIBAAKBgQC/C5UI4frNqbi qPwbTiOkJvqoDw2YgYse0Z5zzVJyErgSg954T\nEuHM67Ck8hAOrCnb0YO+SY Y5rCXLf4+2s8k9EypLtYRw/Ts66DZoXI4viqE7HSsK\n5sQw/UDBIw7/MJ+OpA ... KYiFf4CbBBbjlMQJ0HFudW6ISVBslONkzX+FT\ni95ddka6iIRnArEb4VFCRh+ e1QBdp1UjziYf7NuzDx4Z\n -----END RSA PRIVATE KEY-----\n-----BEGIN CERTIFICATE----- \nMIIDjDCCAvWgAwIBAgIBADANBgkqhkiG9w0BAQQ ... FADCBkTELMAkGA1UEBhMCdXMx\nCzAJBgNVBAgTAmNhMRIwEAYDVQQHEwlzdW5ue HB1YnMxDTALBgNVBAMTBGpucHIxJDAiBgkqhkiG\n9w0BCQEWFW5iaGFyZ2F2YUB fLUYAnBYmsYWOH\n -----END CERTIFICATE-----\n"; ## SECRET-DATA
            }
        }
    }

    If you are done configuring the device, enter commit from configuration mode.

    Verification

    Confirm that the configuration is working properly.

    Verifying an SSL Certificate Configuration

    Purpose

    Verify the SSL certificate configuration.

    Action

    From operational mode, enter the show security command.

    Verifying a Secure Access Configuration

    Purpose

    Verify the secure access configuration.

    Action

    From operational mode, enter the show system services command. The following sample output displays the sample values for secure Web access:

    [edit]
    user@host# show system services
    web-management {
        http;
        https {
            port 8443;
            local-certificate new;
        }
    }
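The check below is an added example, not part of the original guide or vendor tooling: it audits a configuration in set format for the three conditions this page touches on, namely HTTP left enabled next to HTTPS (as in the sample output above), HTTPS enabled without an interface (and so on all interfaces), and a local-certificate name that was never loaded. It assumes input in the form produced by show configuration | display set; the function names and finding codes are hypothetical, and the interface option keyword is assumed from Junos syntax rather than taken from this page.

```python
import re

# Constructed sample in "set" format: the page's two statements plus the
# "http;" statement visible in its "show system services" output.
SAMPLE = """\
set security certificates local new load-key-file /var/tmp/new.pem
set system services web-management http
set system services web-management https local-certificate new port 8443
"""

VALUED = {"local-certificate", "port", "interface"}  # options that take a value
CERT = re.compile(r"^set security certificates local (\S+)\s")
WEB = re.compile(r"^set system services web-management (https?)(?:\s+(.*))?$")


def parse_options(tokens):
    """Map option name -> list of values; unknown tokens are kept as flags."""
    opts, i = {}, 0
    while i < len(tokens):
        if tokens[i] in VALUED and i + 1 < len(tokens):
            opts.setdefault(tokens[i], []).append(tokens[i + 1])
            i += 2
        else:
            opts.setdefault(tokens[i], [])
            i += 1
    return opts


def audit(config_text):
    """Return finding codes for the web-management part of a set-format config."""
    certs, opts = set(), {}
    for line in config_text.splitlines():
        line = line.strip()
        if (m := CERT.match(line)):
            certs.add(m.group(1))          # certificate name loaded on the device
        elif (m := WEB.match(line)):
            proto = opts.setdefault(m.group(1), {})
            for key, values in parse_options((m.group(2) or "").split()).items():
                proto.setdefault(key, []).extend(values)
    findings = []
    if "http" in opts:
        findings.append("HTTP_ENABLED")    # cleartext access alongside HTTPS
    https = opts.get("https")
    if https is not None:
        if not https.get("interface"):
            findings.append("HTTPS_ON_ALL_INTERFACES")
        findings += [f"CERT_NOT_LOADED:{name}"
                     for name in https.get("local-certificate", []) if name not in certs]
    return findings
```

Calling audit(SAMPLE) returns the HTTP and all-interfaces findings for the configuration shown on this page; a configuration with no http statement and an explicit HTTPS interface returns an empty list.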

    Modified: 2016-08-10