Enabling the Junoscript Interface for vGW Series

To allow the vGW Series to gain access to the SRX Series device for zone synchronization, you must enable the secure Junoscript XML scripting API. To do so:

  1. Generate a digital Secure Sockets Layer (SSL) certificate, and install it on the SRX Series device.
    1. Enter the following openssl command in your SSH command-line interface on a BSD or Linux system on which openssl is installed. The openssl command generates a self-signed SSL certificate in privacy-enhanced mail (PEM) format. It writes the certificate and an unencrypted 1024-bit RSA private key to the specified file.
      % openssl req -x509 -nodes -newkey rsa:1024 -keyout mycert.pem -out mycert.pem
    2. Type the appropriate information in the identification form when prompted. For example, type US for the country name.
    3. Copy the certificate that you generated from the operating system to the SRX Series device. In this example, the certificate is copied to the /var/tmp/ directory.
      scp mycert.pem user@host:/var/tmp/
    4. Install the mycert.pem SSL certificate on the SRX Series device. Using the CLI, enter the following statement in configuration mode:
      [edit]
      user@host# set security certificates local mycert load-key-file /var/tmp/mycert.pem
  2. Enable HTTPS for Web management access at the system level. Specify the SSL certificate and the web management port.

    You can enable HTTPS access on specified interfaces. If you do not specify an interface, HTTPS is enabled on all interfaces. In this example, ge-0/0/0.0 is used.

    [edit]
    user@host# set system services web-management https local-certificate mycert
    user@host# set system services web-management https interface ge-0/0/0.0
    user@host# set system services web-management https port 443
  3. Configure the zone to allow HTTPS as the protocol for host inbound traffic for Web management on all of its interfaces.
    [edit]
    user@host# set security zones security-zone trust host-inbound-traffic system services https
  4. Configure the IP address for the interface, if it is not already configured.
  5. Enable Junoscript communications using the newly created certificate:
    [edit]
    user@srx# set system services xnm-ssl local-certificate mycert
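
A pre-flight check for step 1, as an added example that is not part of Juniper's documentation: before copying mycert.pem to the device, confirm that the file holds exactly one certificate and one unencrypted private key, as the openssl command above writes, and that only its owner can read it, since the key is stored in the clear. The function name check_combined_pem and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Juniper's code. Pre-flight check for the combined PEM file
# that step 1 writes (certificate plus unencrypted private key in one file).

# check_combined_pem FILE: prints findings, returns 0 only if all checks pass.
check_combined_pem() {
    f=$1
    rc=0
    [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 1; }

    # grep -c exits 1 on zero matches, so "|| true" keeps this safe under set -e.
    certs=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$f" || true)
    # Older openssl writes "RSA PRIVATE KEY" (PKCS#1), newer "PRIVATE KEY" (PKCS#8).
    keys=$(grep -c -E -e '-----BEGIN (RSA )?PRIVATE KEY-----' "$f" || true)
    enc=$(grep -c -E -e 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$f" || true)

    [ "$certs" -eq 1 ] || { echo "FAIL: expected 1 certificate, found $certs"; rc=1; }
    [ "$keys" -eq 1 ] || { echo "FAIL: expected 1 unencrypted private key, found $keys"; rc=1; }
    [ "$enc" -eq 0 ] || { echo "FAIL: key is passphrase-protected, unlike -nodes output"; rc=1; }

    # The key is stored in the clear, so group and other must have no access.
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "FAIL: group/other can access $f; run chmod 600"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $f has one certificate, one unencrypted key, owner-only mode"
    return "$rc"
}

# Demo on a constructed file: PEM framing only, placeholder bodies, not a real key.
demo=$(mktemp)
cat > "$demo" <<'EOF'
-----BEGIN PRIVATE KEY-----
CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-CERTIFICATE
-----END CERTIFICATE-----
EOF
chmod 644 "$demo"; check_combined_pem "$demo" || true   # reports the loose file mode
chmod 600 "$demo"; check_combined_pem "$demo" || true   # passes
rm -f "$demo"
```

The check is structural only: it does not parse the certificate or confirm that the key matches it.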
