I would like to rid myself of the pesky browser warnings about insecure HTTPS access to J-Web on my SRX devices. How can this be achieved with the minimum amount of administrative effort? It is not a problem if there is some cost involved in obtaining the certificates from an appropriate authority, but as access is only required via the internal network I'm guessing the solution is some kind of self-signed effort combined with some browser tweaking.
I have seen both articles in my prior search. The first requires a Linux server, which I do not have access to, and the second must be out-of-date (2011) or contain error(s) in the instructions, as I tried to follow them, but a required option is greyed out.
Then submit this on the Microsoft web interface for your CA role server. The server will issue the certificate with the requests url and parameters. Setup the DNS name that matches on your internal DNS servers.
Thank you for your considered and detailed response Steve.
I don't currently have access to a CA, but will do in the near future. So unless there's an easy way to do it without one, I will hold off. However, I do have one question: will I need to distribute the certificates to clients via Group Policy so any client can access J-Web without being troubled by warning message?
RE: XCA. On the Source tab of 'Create X509 Certificate', I am unable to select 'Use this certificate for signing' as shown in the screenshot, but I'm guessing the instructions are geared towards a different scenario.