Specify a URL to the SCEP server and the name of the certification authority whose certificate you want: mycompany.com. filename 1 is name of the file that stores the result. The output, "Received CA certificate:" provides the signature for the certificate, which allows you to verify (offline) that the certificate is genuine.
- user@host> request security certificate enroll filename ca_verisign ca-file verisign ca-name xyzcompany url
- URL: http://pilotonsiteipsec.verisign.com/cgi-bin/pkiclient.exe CA name: juniper.net CA file: verisign Encoding: binary
- Certificate enrollment has started. To see the certificate enrollment status, check the key management process (kmd) log file at /var/log/kmd. <--------------
Note: Each router is initially manually enrolled with a certificate authority.