Related Documentation
- J Series
- clear security pki local-certificate (Device)
- request security pki local-certificate generate-self-signed (Security)
- LN Series
- clear security pki local-certificate (Device)
- request security pki local-certificate generate-self-signed (Security)
- SRX Series
- clear security pki local-certificate (Device)
- request security pki local-certificate generate-self-signed (Security)
show security pki local-certificate (View)
Syntax
Release Information
Command modified in Junos OS Release 9.1. Subject string output field added in Junos OS Release 12.1X44-D10.
Description
Display information about the local digital certificates, corresponding public keys, and the automatically generated self-signed certificate configured on the device.
Options
- none—Display basic information about all configured local digital certificates, corresponding public keys, and the automatically generated self-signed certificate.
- brief | detail—(Optional) Display the specified level of output.
- certificate-id certificate-id-name—(Optional) Display information about only the specified local digital certificates and corresponding public keys.
- system-generated—Display information about the automatically generated self-signed certificate.
Required Privilege Level
view
List of Sample Output
show security pki local-certificate certificate-id hello
show security pki local-certificate certificate-id hello detail
show security pki local-certificate system-generated
show security pki local-certificate system-generated detail
show security pki local-certificate certificate-id mycert - (local certificate enrolled online using SCEP)
show security pki local-certificate certificate-id mycert detail - (local certificate enrolled online using SCEP)
Output Fields
Table 1 lists the output fields for the show security pki local-certificate command. Output fields are listed in the approximate order in which they appear.
Table 1: show security pki local-certificate Output Fields
| Field Name | Field Description |
|---|---|
| Certificate identifier | Name of the digital certificate. |
| Certificate version | Revision number of the digital certificate. |
| Serial number | Unique serial number of the digital certificate. |
| Issued to | Device that was issued the digital certificate. |
| Issued by | Authority that issued the digital certificate. |
| Issuer | Authority that issued the digital certificate, including details of the authority organized using the distinguished name format. Possible subfields are: |
| Subject | Details of the digital certificate holder organized using the distinguished name format. Possible subfields are: If the certificate contains multiple subfield entries, all entries are displayed. |
| Subject string | Subject field as it appears in the certificate. |
| Alternate subject | Domain name or IP address of the device related to the digital certificate. |
| Validity | Time period when the digital certificate is valid. Values are: |
| Public key algorithm | Encryption algorithm used with the private key, such as rsaEncryption(1024 bits). |
| Public key verification status | Public key verification status: Failed or Passed. The detail output also provides the verification hash. |
| Signature algorithm | Encryption algorithm that the CA used to sign the digital certificate, such as sha1WithRSAEncryption. |
| Fingerprint | Secure Hash Algorithm (SHA1) and Message Digest 5 (MD5) hashes used to identify the digital certificate. |
| Distribution CRL | Distinguished name information and URL for the certificate revocation list (CRL) server. |
| Use for key | Use of the public key, such as Certificate signing, CRL signing, Digital signature, or Data encipherment. |
Sample Output
show security pki local-certificate certificate-id hello
user@host> show security pki local-certificate certificate-id hello
Certificate identifier: hello
Issued to: cn1, Issued by: DC = local, DC = demo, CN = device1-ABC-A1-CA
Validity:
Not before: 08- 8-2012 17:02
Not after: 08- 8-2014 17:02
Public key algorithm: rsaEncryption(1024 bits)
Sample Output
show security pki local-certificate certificate-id hello detail
user@host> show security pki local-certificate certificate-id hello detail
Certificate identifier: hello
Certificate version: 3
Serial number: 61ba9da000000000d72e
Issuer:
Common name: device1-ABC-A1-CA,
Domain component: local, Domain component: demo
Subject:
Organization: o1, Organization: o2,
Organizational unit: ou1, Organizational unit: ou2, Country: US, State: CA,
Locality: Sunnyvale, Common name: cn1, Common name: cn2,
Domain component: dc1, Domain component: dc2
Subject string:
C=US, DC=dc1, DC=dc2, ST=CA, L=Sunnyvale, O=o1, O=o2, OU=ou1, OU=ou2, CN=cn1, CN=cn2
Alternate subject: "ernie@example.net", ernie.example.net, 10.1.2.3
Validity:
Not before: 08- 8-2012 17:02
Not after: 08- 8-2014 17:02
Public key algorithm: rsaEncryption(1024 bits)
30:81:89:02:81:81:00:b4:14:01:d5:4f:79:87:d5:bb:e6:5e:c1:14
97:da:b4:40:ad:1a:77:3e:ec:2e:68:8e:e4:93:a3:fe:7c:0b:58:af
e1:20:27:82:ca:8d:6f:f0:97:d1:ad:fe:df:6c:cb:3c:b0:4f:cc:dd
ac:d8:69:3f:3c:59:b5:2a:c6:83:e8:b3:94:5e:0a:2d:cd:e2:b0:15
3e:97:a7:8a:4e:fb:59:f7:20:4c:ba:a8:80:3e:ba:be:69:ef:2b:32
e4:1a:1c:24:53:1b:d5:c3:aa:d4:25:73:96:76:ea:49:d4:da:7e:3e
0c:c6:6b:22:43:cb:04:84:0d:25:33:07:6b:49:41:02:03:01:00:01
Signature algorithm: sha1WithRSAEncryption
Distribution CRL:
ldap:///CN=device1-ABC-A1-CA,CN=everett-win,CN=CDP,CN=Public%20Key
%20Services,CN=Services,CN=Configuration,DC=demo,DC=local?certificateRevocationList?base?
objectClass=cRLDistributionPoint
http://everett-win.device1.example.net/CertEnroll/device1-ABC-A1-CA.crl
Use for key: Key encipherment, Digital signature, 1.3.6.1.5.5.8.2.2,
1.3.6.1.5.5.8.2.2
Fingerprint:
76:a8:5f:65:b4:bf:bd:10:d8:56:82:65:ff:0d:04:3a:a5:e9:41:dd (sha1)
8f:99:a4:15:98:10:4b:b6:1a:3d:81:13:93:2a:ac:e7 (md5)
Auto-re-enrollment:
Status: Disabled
Next trigger time: Timer not started
Sample Output
show security pki local-certificate system-generated
user@host> show security pki local-certificate system-generated
Certificate identifier: system-generated
Issued to: JN10B9390AGB, Issued by: CN = JN10B9390AGB, CN = system generated, CN = self-signed
Validity:
Not before: 10-30-2009 23:02
Not after: 10-29-2014 23:02
Public key algorithm: rsaEncryption(1024 bits)
Sample Output
show security pki local-certificate system-generated detail
user@host> show security pki local-certificate system-generated detail
Certificate identifier: system-generated
Certificate version: 3
Serial number: e90d42ebd14ef954b3e48c2eed5b30fb
Issuer:
Common name: JN10B9390AGB, Common name: system generated, Common name: self-signed
Subject:
Common name: JN10B9390AGB, Common name: system generated, Common name: self-signed
Subject string:
CN=JN10B9390AGB, CN=system generated, CN=self-signed
Validity:
Not before: 10-30-2009 23:02
Not after: 10-29-2014 23:02
Public key algorithm: rsaEncryption(1024 bits)
30:81:89:02:81:81:00:cb:c8:3f:e6:d3:e5:ca:9d:dc:2d:e9:ca:c7
5f:b1:f5:3a:f0:1c:a7:55:43:0f:ef:fd:1c:fe:29:09:d5:37:d0:fa
d6:ee:bc:b8:3f:58:d4:31:fb:96:4f:4f:cc:a9:1a:8f:2e:1b:50:6f
2b:88:34:74:b2:6d:ad:94:b5:dd:3d:80:87:56:d0:42:50:4d:ac:d7
8c:21:06:2d:07:1e:f4:d0:c7:85:2e:25:60:ad:1b:b5:b2:d2:1d:c8
79:67:8c:56:06:04:75:6e:be:4e:99:b8:07:e6:9a:11:fe:b5:ec:c0
1e:68:da:47:99:1b:b2:c8:07:ab:cd:6e:fe:c1:fd:02:03:01:00:01
Signature algorithm: sha1WithRSAEncryption
Fingerprint:
be:1f:21:13:71:cd:9d:de:7a:41:d7:4c:52:8d:3e:d6:ba:db:75:96 (sha1)
ba:fc:90:4b:5f:a8:66:a3:b9:64:89:9f:e2:45:b5:84 (md5)
Auto-re-enrollment:
Status: Disabled
Next trigger time: Timer not started
Sample Output
show security pki local-certificate certificate-id mycert - (local certificate enrolled online using SCEP)
user@host> show security pki local-certificate certificate-id mycert
Certificate identifier: mycert
Issued to: user, Issued by: DC = local, DC = demo, CN = device1-ABC-A1-CA
Validity:
Not before: 11-15-2012 18:58
Not after: 11-15-2014 18:58
Public key algorithm: rsaEncryption(1024 bits)
Sample Output
show security pki local-certificate certificate-id mycert detail - (local certificate enrolled online using SCEP)
user@host> show security pki local-certificate certificate-id mycert detail
Certificate identifier: mycert
Certificate version: 3
Serial number: 1f00b50a000000013ad2
Issuer:
Common name: device1-abc1-CA,
Domain component: local, Domain component: demo
Subject:
Organization: example-org, Organizational unit: SSD, Country: US,
Common name: user, Serial number: SRX240-11152012
Subject string:
serialNumber=SRX240-11152012, C=US, O=Example-org, OU=SSD, CN=user
Alternate subject: "user@example.net", user.example.net, 10.150.1.2
Validity:
Not before: 11-15-2012 18:58
Not after: 11-15-2014 18:58
Public key algorithm: rsaEncryption(1024 bits)
30:81:89:02:81:81:00:e3:e5:ae:c0:82:af:db:94:01:2f:56:46:50
7d:3d:0b:0c:f0:1f:1d:7d:c3:aa:d4:4c:a0:cd:23:8b:3f:47:05:ee
7b:65:42:a0:dc:c4:ac:a7:b6:a6:9f:5c:ea:d8:22:b0:bf:03:75:09
be:fa:77:cb:d6:67:19:e6:80:fa:a5:7c:93:af:96:66:9f:cc:45:d5
eb:ab:c1:f0:32:a6:d9:27:1b:80:bb:57:ec:31:a2:e0:2b:e1:42:c0
92:8a:9b:ed:a6:d2:ec:7c:84:5a:8a:d9:96:a7:7e:40:c3:80:0e:f4
d6:a2:5d:78:93:3b:7d:d5:8a:f5:de:fb:bc:0d:6d:02:03:01:00:01
Signature algorithm: sha1WithRSAEncryption
Distribution CRL:
ldap:///CN=device1-ABC-A1-CA,CN=everett-win,CN=CDP,CN=Public%20Key%20Services,
CN=Services,CN=Configuration,DC=demo,DC=local?certificateRevocationList?
base?objectClass=cRLDistributionPoint
http://abc1.device1.example.net/CertEnroll/device1-ABC-A1-CA.crl
Use for key: Key encipherment, Digital signature, 1.3.6.1.5.5.8.2.2,
1.3.6.1.5.5.8.2.2
Fingerprint:
1f:2f:a9:22:a8:d5:a9:36:cc:c4:bd:81:59:9d:9c:58:bb:40:15:72 (sha1)
51:27:e4:d5:29:90:f7:85:9e:67:84:a1:75:d1:5b:16 (md5)
Auto-re-enrollment:
Status: Disabled
Next trigger time: Timer not started
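An added example, not part of the Juniper documentation: a Python script that parses text in the layout of the detail output above and flags the properties the samples exhibit (1024-bit RSA keys, sha1WithRSAEncryption signatures, a Not after date in the past). The 2048-bit minimum, the weak-signature list, the certificate name edge-vpn and the handling of timestamps as naive device-local time are assumptions; the sample text is constructed.

```python
import re
from datetime import datetime
# Constructed sample in the layout of the detail output shown on this page.
SAMPLE = """\
Certificate identifier: hello
  Validity:
    Not after: 08- 8-2014 17:02
  Public key algorithm: rsaEncryption(1024 bits)
    30:81:89:02:81:81:00:b4
  Signature algorithm: sha1WithRSAEncryption
Certificate identifier: edge-vpn
    Not after: 01-15-2026 09:00
  Public key algorithm: rsaEncryption(2048 bits)
  Signature algorithm: sha256WithRSAEncryption
"""
MIN_RSA_BITS = 2048                  # assumed policy threshold
WEAK_SIG_PREFIXES = ("md5", "sha1")  # assumed policy: flag MD5/SHA-1 signatures
DATE_RE = re.compile(r"(\d{1,2})-\s*(\d{1,2})-(\d{4}) (\d{2}):(\d{2})")

def parse_certs(text):
    """Return one dict of 'Field: value' pairs per certificate in the output."""
    certs = []
    for line in text.splitlines():
        # Lines without ': ' (key hex dump, URLs, bare 'Validity:') give sep == ''.
        key, sep, value = line.strip().partition(": ")
        if sep and key == "Certificate identifier":
            certs.append({})
        if sep and certs:
            certs[-1].setdefault(key, value)  # keep first value of repeated keys
    return certs

def parse_date(value):
    """Parse MM-DD-YYYY HH:MM, including space-padded days ('08- 8-2012')."""
    mo, d, y, h, mi = map(int, DATE_RE.fullmatch(value.strip()).groups())
    return datetime(y, mo, d, h, mi)  # assumption: naive device-local time

def audit(text, now):
    """Map each certificate identifier to a list of policy findings."""
    report = {}
    for cert in parse_certs(text):
        found = report.setdefault(cert["Certificate identifier"], [])
        rsa = re.fullmatch(r"rsa\w*\((\d+) bits\)", cert.get("Public key algorithm", ""))
        if rsa and int(rsa.group(1)) < MIN_RSA_BITS:
            found.append(f"RSA key {rsa.group(1)} bits < {MIN_RSA_BITS}")
        sig = cert.get("Signature algorithm", "")
        if sig.lower().startswith(WEAK_SIG_PREFIXES):
            found.append(f"weak signature algorithm {sig}")
        if "Not after" in cert and parse_date(cert["Not after"]) < now:
            found.append(f"expired {cert['Not after']}")
    return report
```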

