Generating SSL Certificates

You can set up secure Web access for the QFX Series. To enable secure Web access, you must generate a digital Secure Sockets Layer (SSL) certificate and then enable HTTPS access on the switch.

To generate an SSL certificate:

1. Enter the following openssl command in the SSH command-line interface on a BSD or Linux system on which openssl is installed. The openssl command generates a self-signed SSL certificate in the privacy-enhanced mail (PEM) format. It writes the certificate and an unencrypted 1024-bit RSA private key to the specified file.

   % openssl req –x509 –nodes –newkey rsa:1024 –keyout filename.pem -out filename.pem

   where filename is the name of a file in which you want the SSL certificate to be written—for example, my-certificate.

2. When prompted, type the appropriate information in the identification form. For example, type US for the country name.
3. Display the contents of the file that you created.

   cat my-certificate.pem

You can use the J-Web interface Configuration page to install the SSL certificate on the switch. To do this, copy the file containing the certificate from the BSD or Linux system to the switch. Then open the file, copy its contents, and paste them into the Certificate box on the J-Web interface Secure Access Configuration page.

You can also use the following CLI statement to install the SSL certificate on the switch:

Related Documentation

• Configuring System Identity
• Configuring Management Access
• Managing Users
• Configuring the Date and Time
• Using the Commit Options to Commit Configuration Changes