Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?





Hierarchy Level

Release Information

Statement introduced in Junos OS Release 18.1R1.


You can group multiple CA profiles in one trusted CA group for a given topology. These certificates are used to establish connection between two endpoints. To establish an IPsec connection, both the endpoints must trust the same CA. If either of the endpoints are unable to validate the certificate using their respective trusted CA (ca-profile) or trusted CA group, the connection is not established.


nameSpecify a name for the trusted CA group. A minimum of one CA profile is mandatory to create a trusted CA group and a maximum of 20 CAs are allowed in one trusted CA group. Any CA from a particular group can validate the certificate for that particular topology.
ca-profilesSpecify a name for the CA profiles. A CA is an entity that issues digital certificates which helps to establish secure connection between peers through certificate validation.

Required Privilege Level