Configuring Secure Web Access with a Configuration Editor

You can manage your Juniper Networks device using a secure Web connection by enabling HTTPS.

To enable HTTPS on your device:

In either the J-Web or CLI configuration editor, navigate to the top of the configuration hierarchy.
Perform the configuration tasks described in Table 7.
If you are finished configuring the device, commit the configuration.
To check the configuration, see Verifying Secure Web Access.

Table 7: Configuring a Secure Web Access

Task	J-Web Configuration Editor	CLI Configuration Editor
Navigate to the Security level in the configuration hierarchy.	In the J-Web interface, select CLI Tools>Point and Click CLI. Next to Security, click Configure or Edit.	From the [edit] hierarchy level, enter edit security
Import the SSL certificate that you have generated—for example, new. For information about generating SSL certificates, see Generating SSL Certificates.	Next to Certificates, click Configure. Next to Local, click Add new entry. In the Name box, type a name for the certificate to be imported—for example, new. In the Certificate box, paste the generated SSL certificate and private key. Click OK.	Enter set certificates local new load-key-filepath Replace path with a path or URL to the file containing an SSL certificate and private key in PEM format—for example, /var/tmp/new.pem
Enable HTTPS access and specify the SSL certificate to be used for authentication. Specify the port on which HTTPS access is to be enabled—for example, TCP port 8443. Note: You can enable HTTPS access on specified interfaces also. If you enable HTTPS without specifying an interface, HTTPS is enabled on all interfaces.	On the main Configuration page next to System, click Configure or Edit. Select the Services check box and click Edit next to it. Next to Web management, click Edit. Select the Https check box and click Edit next to it. In the Local certificate box, type the name of the certificate—for example, new. In the Port box, type 8443. Click OK.	From the [edit system] hierarchy level, enter set services web-management https local-certificate new port 8443

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the Security level in the configuration hierarchy.

In the J-Web interface, select CLI Tools>Point and Click CLI.
Next to Security, click Configure or Edit.

From the [edit] hierarchy level, enter

edit security

Import the SSL certificate that you have generated—for example, new.

For information about generating SSL certificates, see Generating SSL Certificates.

Next to Certificates, click Configure.
Next to Local, click Add new entry.
In the Name box, type a name for the certificate to be imported—for example, new.
In the Certificate box, paste the generated SSL certificate and private key.
Click OK.

Enter

set certificates local new load-key-filepath

Replace path with a path or URL to the file containing an SSL certificate and private key in PEM format—for example, /var/tmp/new.pem

Enable HTTPS access and specify the SSL certificate to be used for authentication.

Specify the port on which HTTPS access is to be enabled—for example, TCP port 8443.

Note: You can enable HTTPS access on specified interfaces also. If you enable HTTPS without specifying an interface, HTTPS is enabled on all interfaces.

On the main Configuration page next to System, click Configure or Edit.
Select the Services check box and click Edit next to it.
Next to Web management, click Edit.
Select the Https check box and click Edit next to it.
In the Local certificate box, type the name of the certificate—for example, new.
In the Port box, type 8443.
Click OK.

From the [edit system] hierarchy level, enter

set services web-management https local-certificate new port 8443