Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Enabling HTTPS on EX Switching Platforms using J-WEB GUI

0

0

Article ID: KB19595 KB Last Updated: 18 Feb 2020Version: 3.0
Summary:

This article discusses how to enable a secure web session when the user already has access to the J-WEB GUI. It also provides an example on how to create a Linux SSL certificate using openssl, which can be imported and installed via J-Web. For steps on how to create and import SSL certificates from CLI, refer to: KB19726 - Generating and installing SSL certificate to be used for Secure Web Access

The openssl command generates a self-signed SSL certificate in the privacy-enhanced mail (PEM) format. It writes the certificate and an unencrypted 1024-bit RSA private key to the specified file. For more information, refer to the technical documentation on Generating SSL Certificates to Be Used for Secure Web Access.

Symptoms:

The data that is transmitted between the Web browser and the switch by means of HTTP is vulnerable to interception and attack. To enable secure Web access the switch supports HTTP over Secure Sockets Layer (HTTPS). We can enable HTTPS access on specific interfaces and ports through the J-WEB GUI or the CLI.

Solution:

Example:

% openssl req –x509 –nodes –newkey rsa:1024 –keyout filename.pem -out filename.pem

Replace filename with the name of a file in which you want the SSL certificate to be written—for example, new.pem. When prompted, type the appropriate information in the identification form.
For example, type US for the country name.

Listed below is the key that was generated:

-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCz9Zpt/VyzOtraGMLKQxjn30Sf7sA/3Db76IUPqyKDYko3Pecx
gN7EAatpXQ3nEwJqcoKuxk/8SCWRR9ksf4jPkkUFNOF7gM7Vv/H3sAEZuEIV+A+U
FwZELYj1LSwycP1T3wcwgu1T5RwywlWp2Puv/yJMJM9WO06uwufs5aJa1wIDAQAB
AoGAatw4q397gGI+equhX4GgVG/bzCx1tHYLoGJeQQOaJvJCp7L2igrAPRvQsWw0
STachKEiwK256VDeHfrQFwBUOA6/lxUwn4g1OX1EQ/t36Z6V1lY+7Sd54kXJlIzC
ZiMXnjMj+qSDOaks5KjRO+Cxs6gJ2Tf8Ob3l2V4jGzLD4yECQQDfn0YcjLn/EWY0
HB+fdvfAo1aRKrUbCWhoMtivC7AeIaG8k0jF6iazGT5CSHdPYB04aE8Tko1n10Z4
I81B9yr1AkEAzgPvbVMDtH4xuGypkjYOIxfIIyfk98ixxv68ii9vlDVWBUiVCHdO
5lg5RXdW/qoLEXja+tXjko4D4aRoVH+nGwJAd8z2XLkvs+x4WpZugpnTpQpciCzf
FXr2ykvjNfQHCD1wTnyBUjZdQTnW1t/Hu2h8fwmyw4OR6f20rQxRHHP0OQJAZfcy
qOR+n/YZu9MkdraEdsANkcDsJevSedCZFrf1vOBNLB5JjUAn8ABYkFZJ24/kHIi5
sY7trRrXNvY9oRzxYwJBAKaR7ZeqdLiJNhW32BWqsVkoMvfPTdEPWMbRS929uWES
Rnw5y2t2CTIkhRjp0Aee+UMPX9DsX0EKIPSAC/pvA7w=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIDOjCCAqOgAwIBAgIJAPVEboWk6oKVMA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV
BAYTAkluMQswCQYDVQQIEwJDSDELMAkGA1UEBxMCQmExDDAKBgNVBAoTA05TQTEL
MAkGA1UECxMCc2QxCzAJBgNVBAMTAnNhMSEwHwYJKoZIhvcNAQkBFhJwYXJ0aGFA
anVuaXBlci5uZXQwHhcNMDkwMzE2MDMyNzI1WhcNMDkwNDE1MDMyNzI1WjByMQsw
CQYDVQQGEwJJbjELMAkGA1UECBMCQ0gxCzAJBgNVBAcTAkJhMQwwCgYDVQQKEwNO
U0ExCzAJBgNVBAsTAnNkMQswCQYDVQQDEwJzYTEhMB8GCSqGSIb3DQEJARYScGFy
dGhhQGp1bmlwZXIubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz9Zpt
/VyzOtraGMLKQxjn30Sf7sA/3Db76IUPqyKDYko3PecxgN7EAatpXQ3nEwJqcoKu
xk/8SCWRR9ksf4jPkkUFNOF7gM7Vv/H3sAEZuEIV+A+UFwZELYj1LSwycP1T3wcw
gu1T5RwywlWp2Puv/yJMJM9WO06uwufs5aJa1wIDAQABo4HXMIHUMB0GA1UdDgQW
BBT03C0Cr431iJPIX6ObUzyBSIMtZTCBpAYDVR0jBIGcMIGZgBT03C0Cr431iJPI
X6ObUzyBSIMtZaF2pHQwcjELMAkGA1UEBhMCSW4xCzAJBgNVBAgTAkNIMQswCQYD
VQQHEwJCYTEMMAoGA1UEChMDTlNBMQswCQYDVQQLEwJzZDELMAkGA1UEAxMCc2Ex
ITAfBgkqhkiG9w0BCQEWEnBhcnRoYUBqdW5pcGVyLm5ldIIJAPVEboWk6oKVMAwG
A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAKurcNzyX/1z/6mo2YQqZGyyh
1OKlpo8NmRbA+MYWM01dMJv4xQHXo9WLc6N/DxRsKQ0XYIGYwOHVZzhPmYUrq45Z
h3sYtYwYhh8jBOS9I491w+YPaZZsYIh1yfmKj4U3ylpIAn6ubIZ/1SViUWjnxWA/
Wvr5UifuxXMkq2hbceo=
-----END CERTIFICATE-----
 
  1. Attach the certificate onto EX as per the screen capture shown below (this view may change depending the platform and model):

  2. Use the added certificate under https:

This will enable https for the interfaces specified.

Modification History:

2020-02-18: Added related links to KB an technical documentation.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search