
[SRX] How to create a custom self-signed certificate for web-management using HTTPS


Article ID: KB21718 KB Last Updated: 18 Mar 2021 Version: 3.0
Summary:
This article explains how to generate a self-signed certificate for accessing J-Web over HTTPS, for users who want to set their own custom certificate attributes.

Note: A system-generated certificate is also available. For more information, refer to KB16647 - SRX Getting Started - Configure Management Access.
Solution:
Perform the following procedure to configure the self-signed certificate:
> show security pki certificate-request
> show security pki local-certificate

> request security pki generate-key-pair size 1024 certificate-id testname
> request security pki local-certificate generate-self-signed certificate-id testname subject CN=<device-serial-number> domain-name juniper.com ip-address 172.27.100.3

# set system services web-management https pki-local-certificate testname
# set system services web-management https interface fe-0/0/1.0

 
Sample configuration output:

root@srx4600-r2012> request security pki generate-key-pair size 1024 certificate-id testname 
Generated key pair testname, key size 1024 bits

root@srx4600-r2012> show security pki certificate-request 
Certificate identifier: testname
  Certificate request not present
  
root@srx4600-r2012> request security pki local-certificate generate-self-signed certificate-id testname subject CN=<device-serial-number> domain-name juniper.com ip-address 10.219.90.18 
Self-signed certificate generated and loaded successfully

root@srx4600-r2012> show security pki certificate-request 
Certificate identifier: ms-cert
  Issued to: John Doe
  Public key algorithm: rsaEncryption(1024 bits)

Certificate identifier: testname
  Certificate request not present

root@srx4600-r2012> show security pki local-certificate 
LSYS: root-logical-system
Certificate identifier: testname
  Issued to: "<device-serial-number>", Issued by: CN = "<device-serial-number>"
  Validity:
    Not before: 03- 4-2021 08:40 UTC
    Not after: 03- 3-2026 08:40 UTC
  Public key algorithm: rsaEncryption(1024 bits)
  Keypair Location: Keypair generated locally

root@srx4600-r2012> configure 
Entering configuration mode

[edit]
root@srx4600-r2012# set system services web-management https pki-local-certificate testname 
root@srx4600-r2012# set system services web-management https interface fxp0.0  
root@srx4600-r2012# commit
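
A check that can be run on the output of `show security pki local-certificate` once the procedure is complete, as an added example that is not part of the original article: it parses the sample output shown above and flags RSA keys below 2048 bits, self-signed certificates, and expired certificates. The 2048-bit floor, the MM-DD-YYYY reading of the date fields, and the function names are assumptions.

```python
import re
from datetime import date

# Output of `show security pki local-certificate`, copied from the sample above.
SAMPLE = '''\
LSYS: root-logical-system
Certificate identifier: testname
  Issued to: "<device-serial-number>", Issued by: CN = "<device-serial-number>"
  Validity:
    Not before: 03- 4-2021 08:40 UTC
    Not after: 03- 3-2026 08:40 UTC
  Public key algorithm: rsaEncryption(1024 bits)
  Keypair Location: Keypair generated locally
'''

MIN_RSA_BITS = 2048  # assumed policy floor; adjust to local policy

def parse_date(text):
    # Assumes MM-DD-YYYY with space padding, as in the sample ("03- 4-2021").
    m, d, y = re.match(r"\s*(\d+)-\s*(\d+)-(\d{4})", text).groups()
    return date(int(y), int(m), int(d))

def parse_certs(output):
    # Returns one dict per "Certificate identifier:" stanza in the CLI output.
    certs, cur = [], None
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("Certificate identifier:"):
            cur = {"id": line.split(":", 1)[1].strip()}
            certs.append(cur)
        elif cur is None:
            continue
        elif m := re.match(r'Issued to: "?(.*?)"?, Issued by: (?:CN = )?"?(.*?)"?$', line):
            cur["subject"], cur["issuer"] = m.groups()
        elif m := re.match(r"Not (before|after): (.*)", line):
            cur["not_" + m.group(1)] = parse_date(m.group(2))
        elif m := re.search(r"(\w+)\((\d+) bits\)", line):
            cur["alg"], cur["bits"] = m.group(1), int(m.group(2))
    return certs

def audit(cert, today):
    # Returns a list of finding labels for one parsed certificate.
    findings = []
    if cert.get("alg") == "rsaEncryption" and cert.get("bits", 0) < MIN_RSA_BITS:
        findings.append("weak-key")
    if cert.get("subject") and cert.get("subject") == cert.get("issuer"):
        findings.append("self-signed")
    if "not_after" in cert and today > cert["not_after"]:
        findings.append("expired")
    return findings
```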



To clear the local certificate:
> clear security pki local-certificate certificate-id testname
> clear security pki key-pair certificate-id testname
Modification History:
2021-03-04: Added a configuration example and updated the product category list.
