Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] Accessing SRX using J-Web or committing HTTPS access without PKI certificate returns error messages

0

0

Article ID: KB30728 KB Last Updated: 23 Mar 2016Version: 1.0
Summary:

This article explains how to add a Public Key Infrastructure (PKI) certificate signed by your trusted Certificate Authority (CA) to your SRX device for HTTPS access.

Symptoms:

  • When an administrator attempts to access the SRX using J-Web, the following error messages appear from each web browser:

    Chrome: Your connection is not private
    Firefox: This Connection is Untrusted
    Internet Explorer: There is a problem with this website’s security certificate.

  • When an administrator attempts to commit HTTPS access to an SRX without some kind of certificate, the following error is returned:

    [edit]
    root@srx# show|compare
    [edit system services web-management https]
    + interface ge-0/0/0.0;

    [edit]
    root@srx# commit
    [edit system services web-management]
    'https'
    Missing mandatory statement: 'local-certificate' or 'pki-local-certificate' or 'system-generated-certificate'
    error: commit failed: (missing mandatory statements)

Solution:

For Public Key Infrastructure (PKI) local certificate, configure your SRX with the following steps:
  1. Generate a certificate request by following the steps in KB10175.
  2. Send your request to your trusted CA. It will give you your local certificate and the CA certificate.
  3. Load the local and CA certificates to the SRX by following the steps in KB10176.
  4. Configure HTTPS to use your loaded local certificate for authentication:

    [edit system services web-management https]
    root@srx# set interface ge-0/0/0.0

    [edit system services web-management https]
    root@srx# set pki-local-certificate [local certificate file name]

    [edit system services web-management https]
    root@srx# top


    [edit]
    root@srx# commit
    commit complete

  5. Add the CA certificate to your Trusted CAs on your browser if it was not there already. Instructions on how to do this vary depending on the browser being used, thus not included here.

Notes:
For local-certificate, see KB11611 or Secure Web Access Guide.
For system-generated-certificate, see KB15201.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search