I'm trying to enable REST-api for my Juniper SRX 300 device and I'm going nuts. The main crux of the problem is that whenever I try to make a call to an RPC URL I'm being told that the request is unauthorized and it failed to open session to execute RPC. I have not found anything in the documentation that would indicate that a user would require any special privileges and thus assumed that a super-user should be more then sufficent to log in. In addition to this problem, I found out while desperately trying to make the service start, that the log directory where rest-api service tries to save it's message trace is "/var/chroot/rest-api/var/log/", which is read only. Because of this I'm unable to turn on message tracing and look at the logs for any information regarding this credential related problem. I have tried making RPC-calls using CURL and the REST-API explorer on the srx 300.
My main questions are:
- Do I need any configurations to individual users in order to make them usable with the rest-api?
- Is there anything else that might cause the failure of the RPC session that would return response with status 401 ?
- Could this be software issue (In the past I had to update the release version because https webaccess was faulty)?
Here is my Juniper srx 300 release version
JUNOS 17.4R1.16 built 2017-12-19 19:58:10 UTC
Here is my rest-api configuration
show system services rest
http {
port 3000;
addresses ***.***.***.***;
}
https {
port 3443;
addresses ***.***.***.***;
server-certificate ***;
cipher-list ecdhe-rsa-with-aes-256-gcm-sha384;
}
control {
allowed-sources [ ******** ];
connection-limit 8;
}
enable-explorer;
Here is the response header I get from the srx 300 when making an RPC-call
date: Wed, 18 May 2022 12:49:43 GMT
server: lighttpd/1.4.32
status: 401
transfer-encoding: chunked
Here is the response body
Failed to open session to execute RPC
