Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Generating SSL Certificates

    To enable secure Web access, you must first generate a digital SSL certificate, and then enable HTTPS access on the QFX Series.

    You can set up secure Web access for the QFX Series. To enable secure Web access, you must generate a digital Secure Sockets Layer (SSL) certificate and then enable HTTPS access on the switch.

    To generate an SSL certificate:

    1. Enter the following openssl command in the SSH command-line interface on a BSD or Linux system on which openssl is installed. The openssl command generates a self-signed SSL certificate in the privacy-enhanced mail (PEM) format. It writes the certificate and an unencrypted 1024-bit RSA private key to the specified file.

      % openssl req –x509 –nodes –newkey rsa:1024 –keyout filename.pem -out filename.pem

      where filename is the name of a file in which you want the SSL certificate to be written—for example, my-certificate.

    2. When prompted, type the appropriate information in the identification form. For example, type US for the country name.
    3. Display the contents of the file that you created.

      cat my-certificate.pem

    You can use the J-Web interface Configuration page to install the SSL certificate on the switch. To do this, copy the file containing the certificate from the BSD or Linux system to the switch. Then open the file, copy its contents, and paste them into the Certificate box on the J-Web interface Secure Access Configuration page.

    You can also use the following CLI statement to install the SSL certificate on the switch:

    [edit]
    user@switch# set security certificates local my-signed-cert load-key-file my-certificate.pem

    Published: 2013-08-15