Configuring Redirect Server to Support HTTPS Traffic (SRC CLI)
The SRC software supports to redirect HTTPS IP traffic to a configured destination Web server by using the redirect server. The SRC software intercepts the IP traffic at port 443 and forward it to the port in which the redirect server is configured to listen for HTTPS IP traffic. The redirect server accepts HTTPS IP traffic only from the ports that you configured by using the https-port option at the [edit redirect-server ip-redirect] hierarchy level.
Before you start with setting up a redirection for HTTPS IP traffic, you must create a certificate with the domain name of the URL.
Whenever you open up an HTTPS page, you get a security warning in the browser for the mismatch between common name of the certificate with the domain name of the URL until you add an exception for the certificate in the browser.
Use the following statements to configure the redirect server to support HTTPS IP traffic:
To configure the redirect server to support HTTPS IPv4 traffic:
- In configuration mode, enter the configuration statement
that enables the SRC redirect server to redirect HTTPS IPv4 traffic
to a configured destination Web server.[edit]user@host# redirect-server https
- Configure the HTTPS port on which the redirect server
runs. [edit redirect-server https]user@host# set port port
- Configure the imported Secure Sockets Layer (SSL) certificate.
To import the SSL certificate, use the request security import-certificate command.
For information about manually obtaining certificates, see Manually Obtaining Digital Certificates (SRC CLI).
[edit redirect-server https]user@host# certificate-identifier certificate-identifier - Configure the secure connection protocol to be used by
the redirect server for IPv4 traffic. The default protocol is TLSv1.[edit redirect-server https]user@host# protocol (SSLv23 | SSLv3 | TLSv1 | TLSv1.1 | TLSv1.2)
Note SSLv2 is not supported from SRC 4.12 release. When you upgrade to SRC 4.12 release, you must change this option to a supported version SSLv23, TLSv1, TLSv1.1, or TLSv1.2 if you have configured SSLv2 in the previous SRC release, and then restart the redirect server. We recommend you to configure TLSv1.2 to avoid vulnerabilities.
To configure the redirect server to support HTTPS IPv6 traffic:
- In configuration mode, enter the configuration statement
that enables the SRC redirect server to redirect HTTPS IPv6 traffic
to a configured destination Web server.[edit]user@host# redirect-server ipv6-redirect https
- Configure the HTTPS port on which the redirect server
runs.[edit redirect-server ipv6-redirect https]user@host# set port port
- Configure the imported Secure Sockets Layer (SSL) certificate.
To import the SSL certificate, use the request security import-certificate command.
For information about manually obtaining certificates, see Manually Obtaining Digital Certificates (SRC CLI).
[edit redirect-server ipv6-redirect https]user@host# certificate-identifier certificate-identifier - Configure the secure connection protocol to be used by
the redirect server for IPv6 traffic. The default protocol is TLSv1.[edit redirect-server ipv6-redirect https]user@host# protocol (SSLv23 | SSLv3 | TLSv1 | TLSv1.1 | TLSv1.2)