Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    request security pki local-certificate enroll (Security)

    Syntax

    request security pki local-certificate enroll ca-profile ca-profile-name certificate-id certificate-id-name challenge-password password domain-name domain-name subject subject-distinguished-name<email email-address><ip-address ip-address>

    Release Information

    Command introduced in Junos OS Release 7.5. Serial number (SN) option added to the subject string output field in Junos OS Release 12.1X45.

    Description

    Request that a certificate authority (CA) enroll and install a local digital certificate online by using the Simple Certificate Enrollment Protocol (SCEP).

    Note: SCEP supports RSA certificates only.

    Options

    ca-profile ca-profile-name

    CA profile name.

    certificate-id certificate-id-name

    Name of the local digital certificate and the public/private key pair.

    challenge-password password

    Password set by the administrator and normally obtained from the SCEP enrollment webpage of the CA. The password is 16 characters in length.

    domain-name domain-name

    Fully qualified domain name (FQDN). The FQDN provides the identity of the certificate owner for Internet Key Exchange (IKE) negotiations and provides an alternative to the subject name.

    subject subject-distinguished-name

    Distinguished name format that contains the common name, department, company name, state, and country:

    • CN—Common name
    • OU—Organizational unit name
    • O—Organization name
    • ST—State
    • C—Country
    email email-address

    (Optional) E-mail address of the certificate holder.

    ip-address ip-address

    (Optional) IP address of the router.

    Required Privilege Level

    maintenance

     

    Related Documentation

     

    List of Sample Output

    Output Fields

    When you enter this command, you are provided feedback on the status of your request.

    Sample Output

    user@host> request security pki local-certificate enroll certificate-id r3-entrust-scep ca-profile entrust domain-name router3.example.net subject "CN=router3,OU=Engineering,O=example,C=US" challenge-password 123
    Certificate enrollment has started. To view the status of your enrollment, check the public key infrastructure log (pkid) log file at /var/log/pkid. Please save the challenge-password for revoking this certificate in future.  Note that this password is not stored on the router.

    Modified: 2016-07-06

    Previous Page Next Page