
    show security pki ca-certificate (View)

    Syntax

    show security pki ca-certificate <brief | detail> <ca-profile ca-profile-name>

    Release Information

    Command modified in Junos OS Release 8.5. Subject string output field added in Junos OS Release 12.1X44-D10.

    Description

    Display information about the certificate authority (CA) public key infrastructure (PKI) digital certificates configured on the device.

    Note: The FIPS image does not permit the use of MD5 fingerprints. Therefore, MD5 fingerprints are not included when a certificate is displayed using this command. The SHA-1 fingerprint (that is currently displayed) is retained in the FIPS image. The Simple Certificate Enrollment Protocol (SCEP) is disabled in the FIPS image.

    Options

    • none—Display basic information about all configured CA certificates.
    • brief | detail—(Optional) Display the specified level of output.
    • ca-profile ca-profile-name—(Optional) Display information about only the specified CA certificate.

    Required Privilege Level

    view

    List of Sample Output

    show security pki ca-certificate ca-profile RootCA brief
    show security pki ca-certificate ca-profile RootCA detail

    Output Fields

    Table 1 lists the output fields for the show security pki ca-certificate command. Output fields are listed in the approximate order in which they appear.

    Table 1: show security pki ca-certificate Output Fields

    Field Name

    Field Description

    Certificate identifier

    Name of the digital certificate.

    Certificate version

    Revision number of the digital certificate.

    Serial number

    Unique serial number of the digital certificate.

    Issued to

    Device that was issued the digital certificate.

    Issued by

    Authority that issued the digital certificate.

    Issuer

    Authority that issued the digital certificate, including details of the authority organized using the distinguished name format. Possible subfields are:

    • Organization—Organization of origin.
    • Organizational unit—Department within an organization.
    • Country—Country of origin.
    • Locality—Locality of origin.
    • Common name—Name of the authority.

    Subject

    Details of the digital certificate holder organized using the distinguished name format. Possible subfields are:

    • Organization—Organization of origin.
    • Organizational unit—Department within an organization.
    • Country—Country of origin.
    • Locality—Locality of origin.
    • Common name—Name of the authority.

    If the certificate contains multiple subfield entries, all entries are displayed.

    Subject string

    Subject field as it appears in the certificate.

    Validity

    Time period when the digital certificate is valid. Values are:

    • Not before—Start time when the digital certificate becomes valid.
    • Not after—End time when the digital certificate becomes invalid.

    Public key algorithm

    Encryption algorithm used with the private key, such as rsaEncryption(1024 bits).

    Signature algorithm

    Encryption algorithm that the CA used to sign the digital certificate, such as sha1WithRSAEncryption.

    Fingerprint

    Secure Hash Algorithm (SHA1) and Message Digest 5 (MD5) hashes used to identify the digital certificate.

    Distribution CRL

    Distinguished name information and the URL for the certificate revocation list (CRL) server.

    Use for key

    Use of the public key, such as Certificate signing, CRL signing, Digital signature, or Data encipherment.

    Sample Output

    show security pki ca-certificate ca-profile RootCA brief

    user@host> show security pki ca-certificate ca-profile RootCA brief
    Certificate identifier: RootCA
      Issued to: RootCA, Issued by: C = US, O = example, CN = RootCA
      Validity:
        Not before: 05- 3-2012 07:15
        Not after: 05- 2-2017 07:15
      Public key algorithm: rsaEncryption(1024 bits)

    Sample Output

    show security pki ca-certificate ca-profile RootCA detail

    user@host> show security pki ca-certificate ca-profile RootCA detail
    Certificate identifier: RootCA
      Certificate version: 3
      Serial number: 0712dc31
      Issuer:
        Organization: example, Country: US, Common name: RootCA
      Subject:
        Organization: example, Country: US, Common name: RootCA
      Subject string: 
        C=US, O=example, CN=RootCA
      Validity:
        Not before: 05- 3-2012 07:15
        Not after: 05- 2-2017 07:15
      Public key algorithm: rsaEncryption(1024 bits)
        30:81:89:02:81:81:00:ac:b0:c0:11:ac:0c:34:37:04:97:65:c2:b1
        ae:7e:68:e0:fa:37:23:a1:f0:eb:4d:eb:03:89:c9:d9:0d:34:f3:66
        91:97:8c:e9:9c:d4:b5:55:8d:c1:e2:8b:95:08:9d:29:f8:ab:ac:ff
        ae:af:f7:bc:4b:33:f2:eb:b9:e6:13:6d:18:d7:64:a7:85:78:99:41
        4e:b4:fa:bc:3e:1b:5c:26:25:89:03:af:e9:c6:e9:9e:7b:74:1a:1a
        5b:b4:2a:48:78:57:68:e2:5c:0b:71:71:78:ac:a2:23:5f:ca:d2:4a
        38:4c:35:5a:20:cc:44:39:96:26:20:43:bd:75:fd:02:03:01:00:01
      Signature algorithm: sha1WithRSAEncryption
      Use for key: CRL signing, Certificate signing, Key encipherment,
      Digital signature
      Fingerprint:                          
        eb:2a:2a:eb:d3:c7:cb:62:65:2e:6a:76:56:b8:af:88:51:8a:30:c9 (sha1)
        cd:43:ae:a4:b2:11:9e:cf:1a:47:fd:7f:0c:ce:d9:fd (md5)
      Auto-re-enrollment:
        Status: Disabled
        Next trigger time: Timer not started
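
The sample above shows a 1024-bit RSA key and a sha1WithRSAEncryption signature. The following is an added example (not Juniper code) that parses captured command output and reports weak parameters and expiry. Assumptions: the validity dates are MM-DD-YYYY, the 2048-bit and hash thresholds are local policy choices, and the names `parse_certs`, `parse_date` and `audit` are hypothetical.

```python
import re
from datetime import datetime

# Constructed input: lines taken from the page's "detail" sample, key dump omitted.
SAMPLE = """\
Certificate identifier: RootCA
  Validity:
    Not before: 05- 3-2012 07:15
    Not after: 05- 2-2017 07:15
  Public key algorithm: rsaEncryption(1024 bits)
  Signature algorithm: sha1WithRSAEncryption
"""

MIN_RSA_BITS = 2048                # assumed policy threshold, not a Junos setting
WEAK_SIG_HASHES = ("md5", "sha1")  # assumed policy: hashes rejected in signatures

def parse_date(text):
    """Parse 'MM-DD-YYYY HH:MM' (assumed order); the day may be space-padded."""
    m = re.match(r"(\d+)-\s*(\d+)-(\d{4})\s+(\d+):(\d+)$", text.strip())
    if not m:
        raise ValueError(f"unrecognised date: {text!r}")
    mon, day, year, hh, mm = map(int, m.groups())
    return datetime(year, mon, day, hh, mm)

def parse_certs(output):
    """Return one dict of 'Field: value' pairs per certificate in the output."""
    certs = []
    for line in output.splitlines():
        key, sep, value = line.strip().partition(":")
        if key == "Certificate identifier":
            certs.append({})
        if sep and certs and value.strip():
            certs[-1][key] = value.strip()
    return certs

def audit(cert, now):
    """List weak-crypto and expiry findings for one parsed certificate."""
    findings = []
    rsa = re.match(r"rsaEncryption\((\d+) bits\)", cert.get("Public key algorithm", ""))
    if rsa and int(rsa.group(1)) < MIN_RSA_BITS:
        findings.append(f"weak RSA key: {rsa.group(1)} bits")
    sig = cert.get("Signature algorithm", "").lower()
    findings += [f"weak signature hash: {h}" for h in WEAK_SIG_HASHES if sig.startswith(h)]
    if "Not after" in cert and parse_date(cert["Not after"]) < now:
        findings.append("expired")
    return findings

if __name__ == "__main__":
    print([audit(c, datetime.now()) for c in parse_certs(SAMPLE)])
```

The parser accepts output for several CA profiles at once, starting a new record at each Certificate identifier line.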

    Modified: 2016-07-07