request security pki local-certificate re-enroll scep
Command introduced in Junos OS Release 15.1X49-D60.
Manually reenroll an end-entity (EE) certificate with Simple Certificate Enrollment Protocol (SCEP). This command allows the administrator to initiate renewal of the EE certificate using SCEP and can be used in conjunction with the set security pki auto-re-enrollment scep automatic enrollment configuration.
Starting in Junos OS Release 20.1R1 on vSRX 3.0, you can safeguard the private keys used by PKID and IKED to establish a PKI based VPN tunnel using the keypairs generated at the Microsoft Azure Key Vault hardware security module (HSM) service and starting in Junos OS Release 20.4R1 on vSRX 3.0, the same feature is supported through AWS Key Management Service (KMS).
You cannot manually re-enroll the local certificates with the “re-generate key-pair” option. An error message is displayed.
Warning message upon re-enrollment - sample output:
 root@vsrx-1# ...te-id hsm1 ca-profile azure-ca challenge-password juniper re-generate-keypair error: HSM Error: Re-enrollment is not allowed with re-generate key-pair option.
Key generation might take a few seconds.
Required Privilege Level
maintenance and security
This command produces no output.