Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All
Related Documentation
- J Series
- Understanding Certificate Loading
- Digital Certificates Configuration Overview
- Example: Using SCEP to Automatically Renew a Local Certificate
- Example: Verifying Certificate Validity
- Example: Configuring a Certificate Authority Profile with CRL Locations
- LN Series
- Understanding Certificate Loading
- Digital Certificates Configuration Overview
- Example: Using SCEP to Automatically Renew a Local Certificate
- Example: Verifying Certificate Validity
- Example: Configuring a Certificate Authority Profile with CRL Locations
- SRX Series
- Understanding Certificate Loading
- Digital Certificates Configuration Overview
- Example: Using SCEP to Automatically Renew a Local Certificate
- Example: Verifying Certificate Validity
- Example: Configuring a Certificate Authority Profile with CRL Locations
- Additional Information
- Public Key Infrastructure Feature Guide for Security Devices
Example: Loading CA and Local Certificates Manually
This example shows how to load CA and local certificates manually.
Requirements
Before you begin:
- Generate a public-private key pair. See Example: Generating a Public-Private Key Pair.
- Create a CA profile. See Understanding Certificate Authority Profiles.

Note: CA Profile is only required for the CA certificate and not for the local certificate
- Generate a certificate request. See Example: Manually Generating a CSR for the Local Certificate and Sending it to the CA Server.
Overview
In this example, you download the local.cert and ca.cert certificates and save them to the /var/tmp/ directory on the device.
Configuration
Step-by-Step Procedure
To load the certificate files onto a device:
- Load the local certificate.[edit]user@host> request security pki local-certificate load certificate-id local.cert filename /var/tmp/local.cert
- Load the CA certificate.[edit]user@host> request security pki ca-certificate load ca-profile ca-profile-ipsec filename /var/tmp/ca.cert
- Examine the fingerprint of the CA certificate, if it is correct for this CA certificate say yes to accept.
Verification
To verify the certificates loaded properly, enter the show security pki local-certificate and show security pki ca-certificate commands in operational mode.
Fingerprint: e8:bf:81:6a:cd:26:ad:41:b3:84:55:d9:10:c4:a3:cc:c5:70:f0:7f (sha1) 19:b0:f8:36:e1:80:2c:30:a7:31:79:69:99:b7:56:9c (md5) Do you want to load this CA certificate ? [yes,no] (no) yes
Related Documentation
- J Series
- Understanding Certificate Loading
- Digital Certificates Configuration Overview
- Example: Using SCEP to Automatically Renew a Local Certificate
- Example: Verifying Certificate Validity
- Example: Configuring a Certificate Authority Profile with CRL Locations
- LN Series
- Understanding Certificate Loading
- Digital Certificates Configuration Overview
- Example: Using SCEP to Automatically Renew a Local Certificate
- Example: Verifying Certificate Validity
- Example: Configuring a Certificate Authority Profile with CRL Locations
- SRX Series
- Understanding Certificate Loading
- Digital Certificates Configuration Overview
- Example: Using SCEP to Automatically Renew a Local Certificate
- Example: Verifying Certificate Validity
- Example: Configuring a Certificate Authority Profile with CRL Locations
- Additional Information
- Public Key Infrastructure Feature Guide for Security Devices

