Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Enrolling a CA Certificate Online Using SCEP

    Before you begin:

    1. Generate a public and private key pair. See Example: Generating a Public-Private Key Pair.
    2. Create a CA profile. See Example: Configuring a CA Profile.

    To enroll a CA certificate online:

    1. Retrieve the CA certificate online using SCEP. (The attributes required to reach the CA server are obtained from the defined CA profile.)
      user@host> request security pki ca-certificate enroll ca-profile ca-profile-ipsec

      The command is processed synchronously to provide the fingerprint of the received CA certificate.

      Fingerprint:e6:fa:d6:da:e8:8d:d3:00:e8:59:12:e1:2c:b9:3c:c0:9d:6c:8f:8d (sha1)82:e2:dc:ea:48:4c:08:9a:fd:b5:24:b0:db:c3:ba:59 (md5)Do you want to load the above CA certificate ? [yes,no]
    2. Confirm that the correct certificate is loaded. The CA certificate is loaded only when you type yes at the CLI prompt.

      For more information on the certificate, such as the bit length of the key pair, use the command show security pki ca-certificate described in the Junos OS CLI Reference.

     

    Related Documentation

     

    Published: 2012-06-29

    Previous Page Next Page