Enrolling a CA Certificate Online

With Simple Certificate Enrollment Protocol (SCEP), you can configure your Juniper Networks device to obtain a CA certificate online and start the online enrollment for the specified certificate ID. The CA public key verifies certificates from remote peers.

This topic covers:

• CLI Operation
• Related Topics

CLI Operation

1. Use the following command to get the CA certificate online using SCEP. The attributes required to reach the CA server are obtained from the defined CA profile.

   user@host> request security pki ca-certificate enroll ca-profile ca-profile_name

   The command is processed synchronously to provide the fingerprint of the received CA certificate as shown below:

   Fingerprint:

   e6:fa:d6:da:e8:8d:d3:00:e8:59:12:e1:2c:b9:3c:c0:9d:6c:8f:8d (sha1)

   82:e2:dc:ea:48:4c:08:9a:fd:b5:24:b0:db:c3:ba:59 (md5)

   Do you want to load the above CA certificate ? [yes,no]

   You must confirm that the correct certificate is loaded. The CA certificate is loaded only when you type yes at the CLI prompt. For more information on the certificate, such as the bit length of the key pair, use the command show security pki ca-certificate described in the JUNOS Software CLI Reference.

2. Go on to Enrolling a Local Certificate Online .

Related Topics

• Using Digital Certificates
• Generating a Public-Private Key Pair
• Generating a Local Certificate Request Manually
• Re-enrolling Local Certificates Automatically
• Verifying Certificate Validity
• Checking Certificate Validity Using CRLs