Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring Redirect Server to Support HTTPS Traffic (SRC CLI)

    The SRC software supports to redirect HTTPS IP traffic to a configured destination Web server by using the redirect server. The SRC software intercepts the IP traffic at port 443 and forward it to the port in which the redirect server is configured to listen for HTTPS IP traffic. The redirect server accepts HTTPS IP traffic only from the ports that you configured by using the https-port option at the [edit redirect-server ip-redirect] hierarchy level.

    Before you start with setting up a redirection for HTTPS IP traffic, you must create a certificate with the domain name of the URL.

    Note: Whenever you open up an HTTPS page, you get a security warning in the browser for the mismatch between common name of the certificate with the domain name of the URL until you add an exception for the certificate in the browser.

    Use the following statements to configure the redirect server to support HTTPS IP traffic:

    redirect-server https { port port;certificate-identifier certificate-identifier ;protocol (SSLv2 | SSLv23 | SSLv3 | TLSv1);}
    redirect-server ipv6-redirect https {port port;certificate-identifier certificate-identifier;protocol (SSLv2 | SSLv23 | SSLv3 | TLSv1);}

    Note: We recommend that you do not use the SSLv2 protocol, because it is deprecated.

    To configure the redirect server to support HTTPS IPv4 traffic:

    1. In configuration mode, enter the configuration statement that enables the SRC redirect server to redirect HTTPS IPv4 traffic to a configured destination Web server.
      [edit]user@host# redirect-server https
    2. Configure the HTTPS port on which the redirect server runs.
      [edit redirect-server https]user@host# set port port
    3. Configure the imported Secure Sockets Layer (SSL) certificate. To import the SSL certificate, use the request security import-certificate command.

      For information about manually obtaining certificates, see Manually Obtaining Digital Certificates (SRC CLI).

      [edit redirect-server https]user@host# certificate-identifier certificate-identifier
    4. Configure the secure connection protocol to be used by the redirect server for IPv4 traffic. The default protocol is TLSv1.
      [edit redirect-server https]user@host# protocol (SSLv2 | SSLv23 | SSLv3 | TLSv1)

    To configure the redirect server to support HTTPS IPv6 traffic:

    1. In configuration mode, enter the configuration statement that enables the SRC redirect server to redirect HTTPS IPv6 traffic to a configured destination Web server.
      [edit]user@host# redirect-server ipv6-redirect https
    2. Configure the HTTPS port on which the redirect server runs.
      [edit redirect-server ipv6-redirect https]user@host# set port port
    3. Configure the imported Secure Sockets Layer (SSL) certificate. To import the SSL certificate, use the request security import-certificate command.

      For information about manually obtaining certificates, see Manually Obtaining Digital Certificates (SRC CLI).

      [edit redirect-server ipv6-redirect https]user@host# certificate-identifier certificate-identifier
    4. Configure the secure connection protocol to be used by the redirect server for IPv6 traffic. The default protocol is TLSv1.
      [edit redirect-server ipv6-redirect https]user@host# protocol (SSLv2 | SSLv23 | SSLv3 | TLSv1)

    Published: 2014-12-10