Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

show security pki ca-certificate (View)

 

Syntax

Release Information

Command modified in Junos OS Release 8.5. Subject string output field added in Junos OS Release 12.1X44-D10. Policy identifier output field added in Junos OS Release 12.3X48-D10.

Description

Display information about the certificate authority (CA) public key infrastructure (PKI) digital certificates configured on the device.

The FIPS image does not permit the use of MD5 fingerprints. Therefore, MD5 fingerprints are not included when a certificate is displayed using this command. The SHA-1 fingerprint that is currently displayed is retained in the FIPS image. The Simple Certificate Enrollment Protocol (SCEP) is disabled in the FIPS image.

Options

  • none—Display basic information about all configured CA certificates.

  • brief | detail—(Optional) Display the specified level of output.

  • ca-profile ca-profile-name- (Optional) Display information about only the specified CA certificate.

Required Privilege Level

view

List of Sample Output

show security pki ca-certificate ca-profile RootCA brief

show security pki ca-certificate ca-profile RootCA detail

show security pki ca-certificate ca-profile ca-tmp detail

Output Fields

Table 1 lists the output fields for the show security pki ca-certificate command. Output fields are listed in the approximate order in which they appear.

Table 1: show security pki ca-certificate Output Fields

Field Name

Field Description

Certificate identifier

Name of the digital certificate.

Certificate version

Revision number of the digital certificate.

Serial number

Unique serial number of the digital certificate.

Issuer

Authority that issued the digital certificate, including details of the authority organized using the distinguished name format. Possible subfields are:

  • Organization—Organization of origin.

  • Organizational unit—Department within an organization.

  • Country—Country of origin.

  • Locality—Locality of origin.

  • Common name—Name of the authority.

Subject

Details of the digital certificate holder organized using the distinguished name format. Possible subfields are:

  • Organization—Organization of origin.

  • Organizational unit—Department within an organization.

  • Country—Country of origin.

  • Locality—Locality of origin.

  • Common name—Name of the authority.

If the certificate contains multiple subfield entries, all entries are displayed.

Subject string

Subject field as it appears in the certificate.

Validity

Time period when the digital certificate is valid. Values are:

  • Not before—Start time when the digital certificate becomes valid.

  • Not after—End time when the digital certificate becomes invalid.

Public key algorithm

Encryption algorithm used with the private key, such as rsaEncryption(1024 bits).

Signature algorithm

Encryption algorithm that the CA used to sign the digital certificate, such as sha1WithRSAEncryption.

Certificate Policy

Policy Identifier—One or more policy object identifiers (OIDs).

Use for key

Use of the public key, such as Certificate signing, CRL signing, Digital signature, or Data encipherment.

Fingerprint

Secure Hash Algorithm (SHA1) and Message Digest 5 (MD5) hashes used to identify the digital certificate.

Distribution CRL

Distinguished name information and the URL for the certificate revocation list (CRL) server.

Sample Output

show security pki ca-certificate ca-profile RootCA brief

user@host> show security pki ca-certificate ca-profile RootCA brief

Sample Output

show security pki ca-certificate ca-profile RootCA detail

user@host> show security pki ca-certificate ca-profile RootCA detail

Sample Output

show security pki ca-certificate ca-profile ca-tmp detail

user@host> show security pki ca-certificate ca-profile ca-tmp detail