Technical Documentation

Configuring Secure Access with a Configuration Editor for the SRX 100 Services Gateway

You can manage your services gateway using a secure Web connection by enabling Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS).

To enable HTTPS on your services gateway:

Navigate to the top of the configuration hierarchy in either the J-Web or the CLI configuration editor.
Perform the configuration tasks described in Table 1.
If you are finished configuring the services gateway, commit the configuration.
Verify the secure Web access configuration.

Table 1: Configuring Secure Web Access

Task	J-Web Configuration Editor	CLI Configuration Editor
Navigate to the Security level in the configuration hierarchy.	In the J-Web interface, select Configuration>View and Edit>Edit Configuration. Next to Security, click Configure or Edit.	From the [edit] hierarchy level, enter edit security
Import the SSL certificate that you have generated—for example, new.	Next to Certificates, click Configure. Next to Local, click Add new entry. In the Name box, type a name for the certificate to be imported—for example, new. In the Certificate box, paste the generated SSL certificate and private key. Click OK.	Enter set certificates local new load-key-filepath Replace path with a path or URL to the file containing an SSL certificate and private key in PEM format—for example, /var/tmp/new.pem
Enable HTTPS access and specify the SSL certificate to be used for authentication. Specify the port on which HTTPS access is to be enabled—for example, TCP port 8443.	On the main Configuration page next to System, click Configure or Edit. Select the Services box and click Edit next to it. Next to Web management, click Edit. Select the Https box and click Edit next to it. In the Local certificate box, type the name of the certificate—for example, new. In the Port box, type 8443. Click OK.	From the [edit system] hierarchy level, enter set services web-management https local-certificate new port 8443

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the Security level in the configuration hierarchy.

In the J-Web interface, select Configuration>View and Edit>Edit Configuration.
Next to Security, click Configure or Edit.

From the [edit] hierarchy level, enter

edit security

Import the SSL certificate that you have generated—for example, new.

Next to Certificates, click Configure.
Next to Local, click Add new entry.
In the Name box, type a name for the certificate to be imported—for example, new.
In the Certificate box, paste the generated SSL certificate and private key.
Click OK.

Enter

set certificates local new load-key-filepath

Replace path with a path or URL to the file containing an SSL certificate and private key in PEM format—for example, /var/tmp/new.pem

Enable HTTPS access and specify the SSL certificate to be used for authentication.

Specify the port on which HTTPS access is to be enabled—for example, TCP port 8443.

On the main Configuration page next to System, click Configure or Edit.
Select the Services box and click Edit next to it.
Next to Web management, click Edit.
Select the Https box and click Edit next to it.
In the Local certificate box, type the name of the certificate—for example, new.
In the Port box, type 8443.
Click OK.

From the [edit system] hierarchy level, enter

set services web-management https local-certificate new port 8443

Note: You can enable HTTPS access on specified interfaces also. If you enable HTTPS without specifying an interface, HTTPS is enabled on all interfaces.

Technical Documentation

Configuring Secure Access with a Configuration Editor for the SRX 100 Services Gateway

Published: 2009-08-17