
[Junos] How to create a custom self-signed certificate for web-management using HTTPS

Article ID: KB21718
KB Last Updated: 17 Nov 2021
Version: 4.0

Summary:

This article explains how to generate a self-signed certificate with your own custom attributes for accessing J-Web over HTTPS.

Note: You also have the option of using a system-generated certificate. For more information, refer to KB16647 - SRX Getting Started - Configure Management Access.

Solution:

Perform the following procedure to configure the self-signed certificate:

> show security pki certificate-request
> show security pki local-certificate

> request security pki generate-key-pair size 1024 certificate-id testname
> request security pki local-certificate generate-self-signed certificate-id testname subject CN=<device-serial-number> domain-name juniper.com ip-address 172.27.100.3

# set system services web-management https pki-local-certificate testname
# set system services web-management https interface fe-0/0/1.0

Sample configuration output on SRX devices:

root@srx4600-r2012> request security pki generate-key-pair size 1024 certificate-id testname 
Generated key pair testname, key size 1024 bits

root@srx4600-r2012> show security pki certificate-request 
Certificate identifier: testname
  Certificate request not present
  
root@srx4600-r2012> request security pki local-certificate generate-self-signed certificate-id testname subject CN=<device-serial-number> domain-name juniper.com ip-address 10.219.90.18 
Self-signed certificate generated and loaded successfully

root@srx4600-r2012> show security pki certificate-request 
Certificate identifier: ms-cert
  Issued to: John Doe
  Public key algorithm: rsaEncryption(1024 bits)

Certificate identifier: testname
  Certificate request not present

root@srx4600-r2012> show security pki local-certificate 
LSYS: root-logical-system
Certificate identifier: testname
  Issued to: "<device-serial-number>", Issued by: CN = "<device-serial-number>"
  Validity:
    Not before: 03- 4-2021 08:40 UTC
    Not after: 03- 3-2026 08:40 UTC
  Public key algorithm: rsaEncryption(1024 bits)
  Keypair Location: Keypair generated locally

root@srx4600-r2012> configure 
Entering configuration mode

[edit]
root@srx4600-r2012# set system services web-management https pki-local-certificate testname 
root@srx4600-r2012# set system services web-management https interface fxp0.0  
root@srx4600-r2012# commit

Sample configuration output on MX devices:

> request security pki local-certificate generate-self-signed certificate-id juniper subject CN=<device-serial-number> domain-name juniper.com ip-address 10.219.35.198 email abc@juniper.net

labroot@jtac-mx960dc-r2023-re0# run show security pki certificate-request
Certificate identifier: juniper
  Certificate request not present

labroot@jtac-mx960dc-r2023-re0# run show security pki local-certificate

Certificate identifier: juniper
  Issued to: "<device-serial-number>", Issued by: CN = "<device-serial-number>"
  Validity:
    Not before: 08-12-2021 07:41 UTC
    Not after: 08-11-2026 07:41 UTC
  Public key algorithm: rsaEncryption(4096 bits)
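
The following Python script is an added example, not part of the Juniper article: it parses the `show security pki local-certificate` output shown above and flags RSA keys below 2048 bits and certificates close to expiry. The 2048-bit threshold, the 30-day warning window, the function names, and the MM-DD-YYYY reading of the dates are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the SRX and MX outputs from this article, trimmed and joined.
SAMPLE = """\
LSYS: root-logical-system
Certificate identifier: testname
  Validity:
    Not before: 03- 4-2021 08:40 UTC
    Not after: 03- 3-2026 08:40 UTC
  Public key algorithm: rsaEncryption(1024 bits)
  Keypair Location: Keypair generated locally

Certificate identifier: juniper
  Validity:
    Not before: 08-12-2021 07:41 UTC
    Not after: 08-11-2026 07:41 UTC
  Public key algorithm: rsaEncryption(4096 bits)
"""

MIN_RSA_BITS = 2048  # assumed policy threshold, not a value from the article

def junos_date(text):
    # A single-digit day is space padded ("03- 4-2021"); MM-DD-YYYY order is assumed.
    fixed = re.sub(r"-\s+", "-", text.strip())
    return datetime.strptime(fixed, "%m-%d-%Y %H:%M UTC").replace(tzinfo=timezone.utc)

def parse_local_certificates(output):
    certs, cur = [], None
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("Certificate identifier:"):
            cur = {"id": line.split(":", 1)[1].strip()}
            certs.append(cur)
        elif cur is not None and line.startswith("Not after:"):
            cur["not_after"] = junos_date(line.split(":", 1)[1])
        elif cur is not None and (m := re.search(r"Public key algorithm: (\w+)\((\d+) bits\)", line)):
            cur["algorithm"], cur["bits"] = m.group(1), int(m.group(2))
    return certs

def audit(certs, now, warn_days=30):
    """Return (certificate-id, finding) tuples for weak keys and near-expiry certificates."""
    findings = []
    for c in certs:
        if c.get("algorithm") == "rsaEncryption" and c.get("bits", 0) < MIN_RSA_BITS:
            findings.append((c["id"], f"RSA key is {c['bits']} bits, below {MIN_RSA_BITS}"))
        if "not_after" in c and (c["not_after"] - now).days < warn_days:
            findings.append((c["id"], f"expires {c['not_after']:%Y-%m-%d}"))
    return findings
```

Run against the sample, the 1024-bit `testname` certificate from the SRX output is flagged, while the 4096-bit `juniper` certificate from the MX output passes the key-size check.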

To clear the local certificate:

> clear security pki local-certificate certificate-id testname
> clear security pki key-pair certificate-id testname

Modification History:

2021-03-04: Added a configuration example and updated the product category list

2021-11-17: Corrected the subject line because the process is the same for all devices running Junos OS; MX sample output added as well
