request security certificate (signed)

Syntax

request security certificate enroll filename filename subject subject 

alternative-subject alternative-subject certification-authority certification-authority 
encoding (binary | pem) key-file key-file domain-name domain-name

Description

Obtain a signed certificate from a certificate authority (CA). The signed certificate validates the CA and the owner of the certificate. The results are saved in a specified file to the /var/etc/ikecert directory.

Options

filename filename—File that stores the certificate.

subject subject—A distinguished name (DN), which consists of a set of components—for example, an organization (O), an organization unit (OU), a country (C), and a locality (L).

alternative-subject alternative-subject—A tunnel source address.

certification-authority certification-authority—Name of the certificate authority profile in the configuration.

encoding (binary | pem)—File format used for the certificate. The format can be a binary file or privacy-enhanced mail (PEM), an ASCII base64 encoded format.
Default: binary

key-file key-file—File containing a local private key.

domain-name domain-name—Fully qualified domain name.

Required Privilege Level

maintenance

List of Sample Output

request security certificate (signed)

request security certificate (signed)

user@host> request security certificate enroll filename host.crt subject 
c=uk,o=london alternative-subject 10.50.1.4 certification-authority verisign 
key-file host-1.prv domain-name host.juniper.net 

CA name: juniper.net CA file: ca_verisign 

local pub/private key pair: host.prv 

subject: c=uk,o=london domain name: host.juniper.net 

alternative subject: 10.50.1.4 

Encoding: binary 

Certificate enrollment has started. To view the status of your enrollment, check 
the key management process (kmd) log file at /var/log/kmd. <--------------