Technical Documentation

Generating SSL Certificates for the SRX650 Services Gateway

To enable secure Web access, you must first generate a digital SSL certificate and then enable HTTPS access on the services gateway.

To generate an SSL certificate:

  1. Enter the following openssl command in your SSH CLI. The openssl command generates a self-signed SSL certificate in Privacy-Enhanced Mail (PEM) format. It writes the certificate and an unencrypted 1024-bit RSA private key to the specified file.

    % openssl req –x509 –nodes –newkey rsa:1024 –keyout filename.pem -out filename.pem

    Replace filename with the name of a file in which you want the SSL certificate to be written—for example, new.pem.

  2. When prompted, type the appropriate information in the identification form. For example, type US for the country name.
  3. Display the contents of the file new.pem.

    cat new.pem

    Copy the contents of this file for installing the SSL certificate.

You can use either J-Web Quick Configuration or a configuration editor to install the SSL certificate and enable HTTPS.

Updated: 2009-04-23