
clear security pki local-certificate (Device)

 

Syntax

Release Information

Command modified in Junos OS Release 9.1.

Starting in Junos OS Release 20.1R1 on vSRX 3.0, you can safeguard the private keys used by PKID and IKED using the Microsoft Azure Key Vault hardware security module (HSM) service. You can establish a PKI-based VPN tunnel using the key pairs generated at the HSM. The hub certificate-id option under certificate-id is not available for configuration after you generate the HSM key pair.

Starting in Junos OS Release 20.4R1 on vSRX 3.0, you can safeguard the private keys used by PKID and IKED using AWS Key Management Service (KMS). You can establish a PKI-based VPN tunnel using the key pairs generated by the KMS. The hub certificate-id option under certificate-id is not available for configuration after you generate the PKI key pair.

Note

When you re-generate key pairs, you cannot manually re-enroll the local certificates if you are not generating the key pairs during re-enrollment. The warning "HSM does not support auto re-enrollment with new keypair error: configuration check-out failed" is displayed in the output of the show security pki auto-re-enrollment command.

Also, when you clear the local certificates using the run clear security pki local-certificate all and run clear security pki key-pair all commands, you receive the warning "Key pair deleted successfully but still present at HSM. Please purge the keypair from keyvault before re-using the name."

Description

Clear public key infrastructure (PKI) information for local digital certificates on the device.

Options

  • all—Clear information for all the local digital certificates on the device.

    You cannot clear the automatically generated self-signed certificate using the clear security pki local-certificate all command. To clear the self-signed certificate, use the system-generated option.

  • certificate-id certificate-id—Clear the specified local digital certificate with this certificate ID.

  • system-generated—Clear the existing automatically generated self-signed certificate and generate a new self-signed certificate.

Required Privilege Level

clear and security

List of Sample Output

clear security pki local-certificate all

clear security pki local-certificate system-generated

Output Fields

When you enter this command, you are provided feedback on the status of your request.

Sample Output

clear security pki local-certificate all

user@host> clear security pki local-certificate all

Sample Output

clear security pki local-certificate system-generated

user@host> clear security pki local-certificate system-generated