Before You Begin

Before you begin initial configuration, complete the following tasks:

Generating SSL Certificates

To enable secure Web access, you must first generate a digital SSL certificate, and then enable HTTPS access on the device. You can generate the SSL certificate on the Juniper Networks Services Gateway or by using another device.

Generating an SSL Certificate Using the openssl Command

To generate an SSL certificate using the openssl command:

  1. Enter the following openssl command in the command-line interface. The openssl command generates a self-signed SSL certificate in the privacy-enhanced mail (PEM) format. It writes the certificate and an unencrypted 1024-bit RSA private key to the specified file.

    Note: Run this command on a Linux or UNIX device, because Juniper Networks Services Gateways do not support the openssl command.

    % openssl req -x509 -nodes -newkey rsa:1024 -keyout filename.pem -out filename.pem

    Replace filename with the name of a file in which you want the SSL certificate to be written—for example, new.pem.

  2. When prompted, type the appropriate information in the identification form. For example, type US for the country name.
  3. Display the contents of the file new.pem.

    cat new.pem

    Copy the contents of this file for installing the SSL certificate.
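
A non-interactive run of step 1 followed by checks on the resulting file, as an added example that is not part of the original procedure. The function names, the -subj values (which answer the identification form from step 2) and the temporary path are assumptions.

```sh
#!/bin/sh
# Added example: function names, -subj values and paths are assumptions.

make_combined_pem() {    # $1 = output file, $2 = RSA key size in bits
    # -subj answers the identification form from step 2 (constructed values).
    openssl req -x509 -nodes -newkey "rsa:$2" \
        -subj "/C=US/O=Example/CN=gateway.example.test" \
        -keyout "$1" -out "$1" 2>/dev/null
}

key_bits() {             # RSA modulus size of the private key in $1
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p'
}

key_is_unencrypted() {   # -nodes writes the key without a passphrase
    grep -Eq '^-----BEGIN (RSA )?PRIVATE KEY-----$' "$1"
}

is_self_signed() {       # subject and issuer names hash to the same value
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

pair_matches() {         # certificate and key carry the same RSA modulus
    [ "$(openssl x509 -in "$1" -noout -modulus)" = \
      "$(openssl rsa  -in "$1" -noout -modulus 2>/dev/null)" ]
}

check_pem() {            # print a summary; non-zero exit if the pair does not match
    echo "certificates : $(grep -c '^-----BEGIN CERTIFICATE-----$' "$1")"
    echo "key size     : $(key_bits "$1") bits"
    key_is_unencrypted "$1" && echo "private key  : unencrypted (no passphrase)"
    is_self_signed "$1"     && echo "issuer       : self-signed"
    pair_matches "$1"       || { echo "key does not match certificate"; return 1; }
}

# Demo in a throwaway directory, using the key size from step 1.
tmp=$(mktemp -d)
make_combined_pem "$tmp/new.pem" 1024 && check_pem "$tmp/new.pem"
rm -rf "$tmp"
```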

You can use either J-Web Quick Configuration or a configuration editor to install the SSL certificate and enable HTTPS.

Generating Self-Signed SSL Certificates on Juniper Networks Services Gateways

To generate a self-signed SSL certificate on a Juniper Networks Services Gateway:

  1. Reboot the system. The self-signed certificate is automatically generated at boot-up time.
    user@host> request system reboot
    Reboot the system ? [yes,no] yes
  2. After generating the self-signed certificate, specify system-generated-certificate under HTTPS Web management.
    [edit]
    user@host# show system services web-management https system-generated-certificate

Manually Generating Self-Signed SSL Certificates on Juniper Networks Services Gateways

To manually generate a self-signed SSL certificate on a Juniper Networks Services Gateway:

  1. If you have root login access, you can manually generate the self-signed certificate by using the following commands:
    root@host> request security pki generate-key-pair size 512 certificate-id certname
     
    Generated key pair sslcert, key size 512 bits
    root@host> request security pki local-certificate generate-self-signed certificate-id certname email email domain-name domain-name ip-address ip-address subject "DC=Domain name, CN=Common-Name, OU=Organizational-Unit-name, O=Organization-Name, ST=state, C=Country"
     
    Self-signed certificate generated and loaded succesfully

    Note: When generating the certificate, you must specify the subject, e-mail and either domain-name or ip-address.

  2. After generating the self-signed certificate, specify local-certificate under HTTPS Web management.
    [edit]
    root@host# show system services web-management https local-certificate certname