Configuring Mutual Authentication for HTTPS

Install or import the certificates for the HTTPS Server.

To configure Mutual Authentication, do the following:

  1. Import the HTTPS server certificates.
     crypto ca import-pkcs type pkcs12 cert-type https protocol FTP directory
        /mydir-name file /myfile-name source-ip 10.11.12.13 user user-name password password
  2. Restart the HTTPS service for the VRF on which the HTTPS service is needed. The following example shows the commands to restart the HTTPS service on the management VRF.
    SLX(config)# http server use-vrf mgmt-vrf shutdown
    SLX(config)# no http server use-vrf mgmt-vrf shutdown
    SLX(config)# end 
  3. Import the client's CA certificates.
    crypto import httpsclientca directory /mydir-name file /myfile-name host 10.11.12.13 
        user user-name password password
  4. Restart the HTTPS service once again for the VRF on which the HTTPS service is needed. The following example shows the commands to restart the HTTPS service on the management VRF. If this step is not performed, Mutual Authentication does not take place, because the client's CA certificate is not considered for authentication.
    SLX(config)# http server use-vrf mgmt-vrf shutdown
    SLX(config)# no http server use-vrf mgmt-vrf shutdown
    SLX(config)# end
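
To confirm from a management workstation that the restart in step 4 took effect, the following added example (not part of the original procedure and not vendor code) classifies `openssl s_client` output by whether the server advertised client CA names. It assumes OpenSSL is installed on the workstation; `SWITCH_ADDR`, the function names and the sample transcripts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code). Reads `openssl s_client` output on stdin.
# Live use from a workstation (SWITCH_ADDR is a placeholder):
#   openssl s_client -connect "$SWITCH_ADDR:443" </dev/null 2>/dev/null | mtls_status

# Prints: ca-names-sent | no-ca-names | unknown
# A server can request a certificate without advertising CA names, so
# no-ca-names means "not confirmed", not proof that mutual auth is off.
mtls_status() {
    awk '
        /^Acceptable client certificate CA names/ { s = "ca-names-sent" }
        /^No client certificate CA names sent/ { if (s == "") s = "no-ca-names" }
        END { print (s == "" ? "unknown" : s) }
    '
}

# Prints the CA subject names the server advertised, one per line.
advertised_client_cas() {
    awk '
        /^Acceptable client certificate CA names/ { in_list = 1; next }
        in_list && /^(Client Certificate Types|Requested Signature Algorithms|---)/ { in_list = 0 }
        in_list && NF { print }
    '
}

# Constructed transcripts (not captured from a device).
sample_without_client_ca() { cat <<'EOF'
CONNECTED(00000003)
---
No client certificate CA names sent
---
EOF
}

sample_with_client_ca() { cat <<'EOF'
CONNECTED(00000003)
---
Acceptable client certificate CA names
C = US, O = Example Lab, CN = Example Client CA
Requested Signature Algorithms: ECDSA+SHA256:RSA-PSS+SHA256
---
EOF
}

printf 'without client CA: %s\n' "$(sample_without_client_ca | mtls_status)"
printf 'with client CA:    %s\n' "$(sample_with_client_ca | mtls_status)"
sample_with_client_ca | advertised_client_cas
```

Compare the names printed by `advertised_client_cas` with the subject of the CA certificate imported in step 3.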