request security certificate (Signed Certificate)

Syntax

request security certificate enroll filename filename subject subject 

alternative-subject alternative-subject certification-authority certification-authority 
key-file key-file domain-name domain-name

Description

Obtain a signed certificate from a certificate authority (CA). The signed certificate validates the CA and the owner of the certificate. The results are saved in a specified file to the /var/etc/ikecert directory.

Options

alternative-subject alternative-subject—A tunnel source address.

certification-authority certification-authority—Name of the certificate authority profile in the configuration.

domain-name domain-name—Fully qualified domain name.

filename filename—File that stores the certificate.

key-file key-file—File containing a local private key.

subject subject—A distinguished name (DN), which consists of a set of components—for example, an organization (O), an organization unit (OU), a country (C), and a locality (L).

Required Privilege Level

maintenance

Sample Output:

user@host> request security certificate enroll filename host.crt subject 
c=uk,o=london alternative-subject 10.50.1.4 certification-authority verisign 
key-file host-1.prv domain-name host.juniper.net 

CA name: juniper.net CA file: ca_verisign 

local pub/private key pair: host.prv 

subject: c=uk,o=london domain name: host.juniper.net 

alternative subject: 10.50.1.4 

Encoding: binary 

Certificate enrollment has started. To view the status of your enrollment, check 
the key management process (kmd) log file at /var/log/kmd. <--------------