https (System Services)
Syntax
https {
certificate certificate;
certificate-key certificate-key;
default-certificate;
pki-local-certificate pki-local-certificate;
port port;
}
Hierarchy Level
[edit system services webapi (System Services)]
Description
Specify HTTPS as the communication protocol for the Web API function of the SRX Series integrated ClearPass authentication and enforcement feature. When you configure HTTPS, you specify the service certificate and certificate key. You can also specify the port to be used.
The Web API process, acting as an HTTPS server, allows the ClearPass Policy Manager (CPPM), acting as the client, to send POST request messages to HTTPS server. The CPPM, which is the authentication source for this feature, sends to the SRX Series Firewall user authentication and identity information.
If you deploy HTTPS with a Web management application, ensure that they run on different service ports.
certificate- Configures a custom certificate to be used for the Integrated ClearPass Authentication and Enforcement feature Web API (webapi) configuration when the HTTPS protocol is configured.
When you configure the Web API (webapi) function to use HTTPS, you can use the default certificate, a custom one, or a certificate generated by the PKI local store.
If you configure a custom certificate, you must configure a certificate key with it. Here is an example of how to configure a certificate and certificate key:
set system services webapi https certificate /var/tmp/certificate.crt set system services webapi https certificate-key /var/tmp/certificate.key
The Web API supports only the Privacy-Enhanced Mail (PEM) format for the custom certificate and certificate key.
certificate-key- Configures the filename of the certificate key to use with the specified custom certificate for the Web API (webapi) HTTPS configuration. A certificate key is required if a custom certificate file is used.
The Integrated ClearPass Authentication and Enforcement feature Web API supports only the PEM format for the custom certificate and certificate key.
default-certificate- Specify that the default certificate is to be used for the integrated ClearPass authentication and enforcement Web API process (webapi) HTTPS configuration. To ensure security, the Junos OS default certificate key size is 2084 bits.
pki-local-certificate- Configure the Web API process to use the local X.509 PKI certificate for HTTPS when HTTPS is specified as the communication protocol. The SRX Series integrated ClearPass authentication and enforcement feature exposes the Web API to the ClearPass Policy Mananger (CPPM) to allow the CPPM to initiate a connection to the SRX Series Firewall. For this feature, ClearPass acts as the authentication source. The CPPM uses the HTTPS connection to send user authentication and identity information to the SRX Series Firewall.
port- Specify the SRX Series Firewall TCP port to use for incoming HTTP or HTTPS connection requests initiated by the ClearPass Policy Manager (CPPM). The SRX Series Firewall integrated ClearPass authentication and enforcement feature exposes its Web API (webapi) to the CPPM. The CPPM uses the Web API to establish a connection to the SRX Series Firewall and send user authentication and identity information to it.
Options
certificate |
Configures the Web API process to use the specified, custom certificate file. |
certificate-key |
Configures the Web API process service certificate key. This parameter is required if a custom service certificate file is configured. |
default-certificate |
Configures the Web API process (webapi) to use the default HTTPS certificate. |
pki-local-certificate |
Configures the Web API process to use the local X.509 PKI certificate. |
port |
Configures the HTTPS service port.
|
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 12.3X48-D30.