Generating SSL Certificates | Juniper Networks J4350, J6350 specification

Chapter 8: Configuring Secure Web Access

■Obtain an SSL certificate from a trusted signing authority. See “Generating SSL Certificates” on page 155.

Generating SSL Certificates

To enable secure Web access, you must first generate a digital SSL certificate, and then enable HTTPS access on the Services Router.

To generate an SSL certificate:

1.Enter the following openssl command in your Secure Shell command-line interface. The openssl command generates a self-signed SSL certificate in the privacy-enhanced mail (PEM) format. It writes the certificate and an unencrypted 1024-bit RSA private key to the specified file.

%openssl req –x509 –nodes –newkey rsa:1024 –keyout filename.pem -out filename.pem

Replace filename with the name of a file in which you want the SSL certificate to be written—for example, new.pem.

2.When prompted, type the appropriate information in the identification form. For example, type US for the country name.

3.Display the contents of the file new.pem.

cat new.pem

Copy the contents of this file for installing the SSL certificate.

You can use either J-Web Quick Configuration or a configuration editor to install the SSL certificate and enable HTTPS.

Configuring Secure Web Access

Navigate to the Secure Access Quick Configuration page by selecting Configuration>Quick Configuration>Secure Access. On this page, you can enable HTTP and HTTPS access on interfaces for managing Services Routers through the Web interface. You can also install SSL certificates and enable JUNOScript over SSL with the Secure Access page.

Figure 72 on page 156 shows the Secure Access Quick Configuration page.

Configuring Secure Web Access ■ 155

Image 177

Juniper Networks J4350, J6350 manual Generating SSL Certificates, Configuring Secure Web Access

Contents

Getting Started Guide Software License End User License Agreement IiiPage Abbreviated Table of Contents Page Table of Contents Chapter PIM and VoIP Module Overview Viii Table of Contents 103 Part Installing a Services Router 131 117 153 Part Maintaining Services Router Hardware161 171 Xii Table of Contents 209213 Part Series Requirements and Specifications 223247 Part Xiv Table of Contents Objectives About This GuideAudience Objectives Xvi How to Use This Guide How to Use This GuideLocation of J-series Information Series Tasks Location of Instruction Text and Syntax Conventions Document Conventions Web GUI Conventions Related Juniper Networks Documentation Series Guides and Related Junos Software Publications Getting Started Guide for Your RouterRelated Juniper Networks Documentation Series Services Router Administration Guide Chapter in a J-series GuideXx Related Juniper Networks Documentation Documentation Feedback Requesting Technical SupportDocumentation Feedback Xxii Requesting Technical Support Self-Help Online Tools and Resources Series Overview Series OverviewPage Overview of Services Routers J2320 Services Router OverviewJ2320 Services Router Overview J2350 Services Router Overview J2350 Services Router Overview J4350 Services Router Overview Overview of Services RoutersJ4350 Services Router Overview J6350 Services Router Overview J6350 Services Router Overview Summary of J-series Features and License Requirements Series Software Features and LicensesFeature Category Series Feature Separate License Series Software Features and Licenses Multicast RoutingIP Address Management Encapsulation Ethernet Voice Support SecurityHigh Availability Traffic Analysis Monitoring AdministrationPage J2320 and J2350 Services Router Hardware Features J2320 and J2350 Services Router Hardware FeaturesSystem Overview J2320 and J2350 Chassis Front of J2320 Chassis 14 J2320 and J2350 Services Router Hardware Features Rear of J2320 Chassis Front of J2350 Chassis J2320 Hardware Components Rear of J2350 DC-Powered Chassis Description Value J2320 and J2350 Physical Specifications 18 J2320 and J2350 Services Router Hardware Features J2320 and J2350 MidplaneJ2320 and J2350 Routing Engine Hardware J2320 and J2350 Front Panel J2320 and J2350 Boot Devices Power Button and Power LED 20 J2320 and J2350 Services Router Hardware FeaturesPhysical Interface Modules PIMs J2320 and J2350 Power LED J2320 and J2350 Status LEDColor State Description Reset Config Button J2320 and J2350 Alarm LED22 J2320 and J2350 Services Router Hardware Features Console Port Built-In Gigabit Ethernet PortsAUX Port Gigabit Ethernet Port LEDs J2350 Power System J2320 Power System24 J2320 and J2350 Services Router Hardware Features J2320 and J2350 External Compact Flashes J2320 and J2350 Cooling System 26 J4350 and J6350 Services Router Hardware Features J4350 and J6350 Services Router Hardware Features J4350 and J6350 Chassis J4350 and J6350 Services Router Hardware Features Front of J4350 and J6350 Chassis Rear of J4350 AC-Powered Chassis Rear of J4350 DC-Powered Chassis 30 J4350 and J6350 Services Router Hardware Features J4350 and J6350 Physical Specifications J4350 and J6350 Boot Devices J4350 and J6350 MidplaneJ4350 and J6350 Routing Engine Hardware J4350 and J6350 Front Panel 32 J4350 and J6350 Services Router Hardware Features Power LED Slot Number Diagram on Front Panel Alarm LED 34 J4350 and J6350 Services Router Hardware FeaturesStatus LED Reset Config Button 36 J4350 and J6350 Services Router Hardware Features J4350 Power System J6350 Power System Power Supply LEDState Description J4350 and J6350 Cooling System 38 J4350 and J6350 Services Router Hardware Features Software Overview Software Overview Routing Engine and Packet Forwarding Engine Kernel and MicrokernelJunos Software Processes User Interfaces Junos Software ProcessesProcess Name Description Software Overview PIM and VoIP Module Overview PIM and VoIP Module TermsPIM and VoIP Module Terms Term Definition PIM and VoIP Module Terms Dialer filter PIM and VoIP Module Overview Field-Replaceable PIMs J2320 and J2350 Field-Replaceable PIM SummaryField-Replaceable PIMs J2320 and J2350 Field-Replaceable PIM Summary J4350 and J6350 Field-Replaceable PIM Summary J4350 and J6350 Field-Replaceable PIM and Module Summary Fe-3/0/0 Port, 6-Port, 8-Port, and 16-Port Gigabit Ethernet uPIMs 16-Port Gigabit Ethernet uPIM TX/RX Port Gigabit Ethernet ePIMs Optical Interface Support for SFP Gigabit Ethernet uPIMsParameter 1000Base-SX Transceiver 1000Base-LX Transceiver SFP Gigabit Ethernet ePIM Optical Interface Support for SFP Gigabit Ethernet ePIM Dual-Port Serial PIM Status LEDs for Serial PortsColor State Description Dual-Port T1 PIM Dual-Port T1 or E1 PIM Status LEDs for T1 and E1 Ports Dual-Port Channelized T1/E1/ISDN PRI PIM Label Color State Description LEDs for Channelized T1/E1/ISDN PRI PIMs T3 PIM T3 or E3 PIM Status LEDs for T3 and E3 Ports Dual-Port Fast Ethernet PIM LEDs for Dual-Port Fast Ethernet PIM Port Fast Ethernet ePIM LEDs for 4-Port Fast Ethernet ePIM Port Isdn BRI PIMs LEDs for Isdn BRI S/T and U PIMs Isdn BRI U PIM Adsl PIM Shdsl PIM LEDs for Adsl PIMs Avaya VoIP Modules LEDs for G.SHDSL PIMsAvaya VoIP Modules J2320 and J2350 Avaya VoIP Module Summary Avaya VoIP Module Summary TIM521 BRI J4350 and J6350 Avaya VoIP Module Summary TGM550 Telephony Gateway Module TGM550 Telephony Gateway Module Hardware or Feature TGM550 Maximum Capacity TGM550 Maximum Media Gateway CapacitiesAdditional Information ASB LEDs for TGM550 Gateway Module TIM508 Possible Port Configurations Possible Analog Telephone Line ConfigurationsTIM508 Analog Telephony Interface Module LEDs for TIM508 TIM510 E1/T1 Telephony Interface Module LEDs for TIM510 TIM514 Analog Telephony Interface Module TIM514 Possible Port Configurations TIM516 Analog Telephony Interface ModuleLEDs for TIM514 TIM516 Possible Port Configurations Possible Analog Telephone Line Line ConfigurationsLEDs for TIM516 TIM518 Analog Telephony Interface Module TIM518 Possible Port Configurations LEDs for TIM518 TIM521 BRI Telephony Interface Module LEDs for TIM521 User Interface Overview Services Router User Interface OverviewWeb Overview User Interface Overview CLI Overview Before You BeginBefore You Begin Services Router User Interface Overview Using the J-Web InterfaceUsing the J-Web Interface Starting the J-Web Interface Web Layout Elements of the J-Web Interface Main Pane Elements Top Pane Elements Main Pane Elements Side Pane Elements Side Pane Elements Navigating the J-Web Interface Navigating the J-Web Configuration Editor Navigating the Quick Configuration PagesWeb Quick Configuration Buttons Key J-Web Edit Configuration Buttons Getting J-Web Help CoS Help Web Sessions Using the Command-Line Interface CLI Command HierarchyUsing the Command-Line Interface Starting the CLI CLI Operational Mode CLI Configuration Mode Editing Keystrokes CLI Basics Command Completion CLI Editing KeystrokesTask Category Action Keyboard Sequence Online Help Help Commands Configuring the CLI Environment Configuring the CLI Environment Set cli terminal Set cli screen-widthAnsi Vt100Page Installing a Services Router Installing a Services RouterPage Preparing for Router Installation General Site GuidelinesGeneral Site Guidelines Rack Requirements Rack Size and Strength for J2320 and J2350 RoutersRack Requirements Preparing for Router Installation Rack Size and Strength for J4350 and J6350 RoutersConnection to Building Structure Router Environmental Tolerances Fire Safety RequirementsFire Suppression Router Environmental Tolerances Power Guidelines, Requirements, and Specifications Power Guidelines, Requirements, and SpecificationsFire Suppression Equipment Signaling Limitations Site Electrical Wiring GuidelinesRadio Frequency Interference Electromagnetic Compatibility Router Power Requirements AC Power, Connection, and Power Cord SpecificationsSpecification Country Electrical Specifications Plug Standards AC Power Cord Specifications DC Power, Connection, and Power Cable Specifications Planning for Power Management Series PIM Power Consumption and Heat Dissipation Tokens Junos CLI Low Power High PowerName Model Number Model Low- Power Capacity High- Power Capacity Tokens Maximum Power and Heat Capacities of J-series Models Site Preparation Checklist Network Cable SpecificationsSite Preparation Checklist Isdn ProvisioningPage Installing and Connecting a Services Router Unpacking a J-series Services Router Unpacking a J-series Services Router Installing J2320 and J2350 Routers Installing and Connecting a Services RouterInstalling J2320 and J2350 Routers Installing J4350 and J6350 Routers Installing J4350 and J6350 Routers Installing the Mounting Brackets Attaching Center Screw to the Rack Connecting Interface Cables to Services Routers Connecting Interface Cables to Services RoutersChassis Grounding Connecting Power Connecting AC PowerConnecting Power Connecting AC Power to the J2320 Services Router Connecting AC Power to the J2350 Services Router Connecting DC Power VDC and RTN Connecting DC Power to the J2350 Services Router Powering a Services Router On and Off Powering a Services Router On and OffPage Basic Connectivity Terms Establishing Basic ConnectivityBasic Connectivity Terms Term Definition Basic Connectivity Overview Router IdentificationBasic Connectivity Overview Network Settings Root PasswordTime Zone and System Time Establishing Basic Connectivity Backup Router Default GatewayLoopback Address Built-In Ethernet Interface Address Management Access Configuration Guide for Common Criteria and JUNOS-FIPS Connecting to a Services Router Connecting to the J-Web InterfaceConnecting to a Services Router Connecting to a Services Router COM1 Connecting to the CLI Locally Connecting to the Console Port on J2320 and J2350 Routers Configuring the Modem at the Router End Connecting to the CLI Remotely Connecting the Modem to the Console Port Configuring Basic Settings with J-Web Quick Configuration Connecting to the CLI at the User EndConfiguring Basic Settings with J-Web Quick Configuration Set Up Quick Configuration Field Function Your Action Set Up Quick Configuration SummaryIdentification Time Field Function Set Up Quick Configuration SummaryNetwork Ge-0/0/0 Address Sample Settings on a Services Router Configuring Basic Settings with a Configuration Editor Configuring Basic Settings Set backup router address Task Web Configuration Editor CLI Configuration EditorSet ntp server Set name-server Verifying Basic Connectivity Displaying Basic Connectivity Configurations 151 Displaying Basic Connectivity ConfigurationsPage Secure Web Access Terms Configuring Secure Web AccessSecure Web Access Terms Secure Web Access Terms Secure Web Access Overview Secure Web Access Overview Configuring Secure Web Access Configuring Secure Web AccessGenerating SSL Certificates Quick Configuration Secure Access Http Web Access Secure Access Quick Configuration SummaryHttps Web Access Certificates Secure Access Quick Configuration Summary Configuring Secure Web Access with a Configuration EditorConfiguring a Secure Web Access Configuring Secure Web Access with a Configuration Editor Displaying an SSL Certificate Configuration Verifying Secure Web Access Displaying a Secure Access Configuration Displaying a Secure Access Configuration Series License Overview Installing and Managing J-series LicensesLicense Enforcement Series License Overview Series Services Router Software Feature Licenses Software Feature LicensesLicensed Software Feature License Name License Key Components Installed Licenses Feature SummaryManaging J-series Licenses with the J-Web Interface Summary of License Management Fields Deleting Licenses with the J-Web Interface Adding New Licenses with the J-Web InterfaceDisplaying License Keys with the J-Web Interface Downloading Licenses with the J-Web Interface Adding New Licenses with the CLI Managing J-series Licenses with the CLIDeleting a License with the CLI Managing J-series Licenses with the CLI Saving License Keys with the CLI Displaying Installed LicensesVerifying J-series License Management Verifying J-series License Management Displaying Installed License Keys Displaying License UsageDisplaying License Usage Displaying Installed License Keys Maintaining Services Router Hardware Maintaining Services Router HardwarePage Replacing Hardware Components Tools and Parts RequiredTools and Parts Required Replacing a PIM Replacing the Console Port CableRemoving a PIM Tools and Parts Required Replacing a PIM Replacing Hardware Components Installing a PIM Installing a PIM Replacing PIM Cables Installing PIM CablesRemoving PIM Cables Replacing PIM Cables User@host request chassis fpc slot pim-slotonline To replace the cover on the J2320 and J2350 chassis Matching the Chassis Slots and Tabs Location of J2320 and J2350 Internal Compact Flash Removing the J2320 or J2350 Internal Compact Flash Location of J4350 and J6350 Compact Flash Page Removing the J4350 or J6350 Compact Flash Replacing External Compact Flashes Replacing External Compact Flashes Replace the compact flash slot cover Replacing USB Storage Devices Removing the USB Storage DeviceReplacing USB Storage Devices Installing the USB Storage Device Replacing Dram Modules Replacing Dram Modules J4350 and J6350 Dram Location Removing a Dram Module Installing or Replacing Dram Modules Installing a Dram Module Replacing Power System Components Replacing AC Power Supply CordsReplacing Power System Components Removing an AC Power Supply from J6350 Routers Removing an AC Power Supply Installing an AC Power Supply in J6350 Routers Installing an AC Power Supply Replacing DC Power Supply Cables Removing a DC Power Supply Removing a DC Power Supply Installing a DC Power Supply VDC and RTN Installing a DC Power Supply Removing a J2320 or J2350 Crypto Module Removing a J2320 or J2350 Crypto Accelerator Module Installing a J2320 or J2350 Crypto Accelerator Module Installing a J2320 or J2350 Crypto Accelerator Module User@host show chassis hardware Removing a J4350 or J6350 Crypto Accelerator Module Removing a J4350 or J6350 Crypto Module Screw Installing a J4350 or j6350 Crypto Accelerator Module Replacing Air Filters on J2350 Routers Replacing Air Filters on J2350 Routers Replacing Air Filters on J4350 and J6350 Routers Replacing Air Filters on J4350 and J6350 Routers Attaching Air Filter and Filter Cover Page Chassis Alarm Conditions Troubleshooting Hardware ComponentsChassis Alarm Conditions and Corrective Actions Component Alarm Conditions Corrective Action Alarm Severity Troubleshooting Power Management Troubleshooting Power Management User@host show chassis fpc Troubleshooting Hardware Components Contacting the Juniper Networks Technical Assistance Center Contacting the Juniper Networks Technical Assistance Center Contacting Customer Support and Returning Hardware Locating Component Serial NumbersLocating Component Serial Numbers Location of the Serial Number ID Labels J2320 and J2350 Chassis Serial Number and Agency Labels Contacting Customer Support and Returning Hardware J4350 and J6350 Chassis Serial Number and Agency Labels Return Procedure Power Supply Serial Number LabelsPIM Serial Number Label Contacting Customer Support Packing a Router or Component for Shipment Tools and Parts RequiredPacking a Router or Component for Shipment Packing Components for Shipment Packing the Services Router for Shipment Contacting Customer Support and Returning Hardware Page Series Requirements and Specifications Series Requirements and SpecificationsPage Serial PIM Cable Specifications Network Cable Specifications and Connector PinoutsPort Serial PIM Cables and Connectors Serial PIM Cable Specifications LFH-60 Pin DB-25 Pin LFH-60 Pairing Description RS-232 DTE Cable PinoutRS-232 DTE Cable Pinout RS-422/449 EIA-449 DTE Cable Pinout RS-232 DCE Cable PinoutRS-232 DCE Cable Pinout RS-422/449 EIA-449 DTE Cable Pinout Receive Data a RS-422/449 EIA-449 DCE Cable Pinout RS-422/449 EIA-449 DCE Cable Pinout EIA-530A DTE Cable Pinout EIA-530A DTE Cable Pinout EIA-530A DCE Cable Pinout EIA-530A DCE Cable Pinout LFH-60 Pin 34 Pin LFH-60 Pairing Description DTE Cable Pinout35 DTE Cable Pinout DCE Cable Pinout LFH-60 Pin DB-15 Pin LFH-60 Pairing Description35 DCE Cable Pinout 21 DTE Cable Pinout 21 DCE Cable Pinout Gigabit Ethernet uPIM RJ-45 Connector Pinout Fast Ethernet RJ-45 Connector PinoutFast Ethernet RJ-45 Connector Pinout Gigabit Ethernet uPIM RJ-45 Connector Pinout Gigabit Ethernet ePIM RJ-45 Connector Pinouts Gigabit Ethernet ePIM RJ-45 Connector PinoutPin Signal Name Gigabit Ethernet ePIM RJ-45 Connector Pinout RJ-45 Chassis Console Connector Pinout DB-9 Console Connector PinoutE1 and T1 RJ-48 Cable Pinouts RJ-48 Connector to RJ-48 Connector Straight Pinout RJ-48 Connector to RJ-48 Connector Crossover Pinout236 E1 and T1 RJ-48 Cable Pinouts RJ-48 Connector to DB-15 Connector Crossover Pinout RJ-48 Connector to DB-15 Connector Straight Pinout Adsl and G.SHDSL RJ-11 Connector Pinout E3 and T3 BNC Connector PinoutAdsl and G.SHDSL RJ-11 Connector Pinout PinSignal Connector Pinouts for Avaya VoIP Modules Isdn RJ-45 Connector PinoutIsdn RJ-45 Connector Pinout Isdn RJ-45 Connector Pinout TGM550 RJ-45 Console Connector Pinouts TGM550 RJ-11 Connector Pinout for Analog PortsTGM550 RJ-11 Connector Pinout TGM550 RJ-45 Pin Signal Terminal DB-9 Pins TIM510 RJ-45 Connector Pinout TIM508 Connector PinoutTIM508 Connector Pinout TIM510 RJ-45 Connector Pinout TIM516 Connector Pinout TIM514 Connector PinoutTIM514 RJ-11 Connector Pinout TIM516 Connector Pinout TIM516 Connector Pinout TIM518 Connector Pinout TIM518 Connector Pinout TIM521 RJ-45 Connector Pinout TIM521 Connector PinoutPage Safety and Regulatory Compliance Information Definition of Safety Warning LevelsDefinition of Safety Warning Levels Definition of Safety Warning Levels General Safety Guidelines and Warnings Safety Guidelines and WarningsSafety and Regulatory Compliance Information Safety Guidelines and Warnings Qualified Personnel Warning Place a Component into an Electrostatic Bag Preventing Electrostatic Discharge Damage General Electrical Safety Guidelines Electrical Safety Guidelines and Warnings AC Power Electrical Safety Guidelines DC Power Electrical Safety Guidelines DC Power Disconnection Warning Power Sources for Redundant Power Supplies Safety Guidelines and Warnings DC Power Wiring Sequence Warning DC Power Grounding Requirements and Warning Varten 48 V, +RTN varten +RTN, maajohto maajohtoon DC Power Wiring Terminations Warning Grounded Equipment Warning Case of Electrical Accident Multiple Power Supplies Disconnection Warning Power Disconnection Warning TN Power Warning Telecommunication Line Cord Warning Installation Safety Guidelines and Warnings Installation Instructions WarningChassis Lifting Guidelines Rack-Mounting Requirements and Warnings Safety Guidelines and Warnings Safety and Regulatory Compliance Information Safety Guidelines and Warnings Ramp Warning Laser and LED Safety Guidelines and Warnings Class 1 Laser Product Warning General Laser Safety Guidelines Laser Beam Warning Class 1 LED Product Warning Radiation from Open Port Apertures Warning Maintenance and Operational Safety Guidelines and Warnings Battery Handling Warning Jewelry Removal Warning Lightning Activity Warning Operating Temperature Warning Safety Guidelines and Warnings Product Disposal Warning Agency Approvals Agency Approvals Compliance Statements for Environmental Requirements Lithium BatteryCompliance Statements for Nebs Compliance Statements for EMC Requirements Compliance Statements for EMC Requirements Canada European Community Japan United States FCC Part 15 StatementFCC Part 68 Statement Compliance Statements for EMC Requirements Index IndexPage Symbols Alternative boot media See boot devices USB Reset Config See also LEDs Daemons See processes, software Eprom Gigabit Ethernet ports Installation Hardware Installation 119 E3 PIM Link Internal compact flash 178 Adsl Power LED Rescue configuration, resetting with Rescue Config 265 SSH System overview Hardware Software System time See also Junos CLI EMI