
    show security pki local-certificate

    Syntax

    show security pki local-certificate <brief | detail> <certificate-id certificate-id-name> <system-generated>

    Release Information

    Command introduced in Junos OS Release 11.1 for EX Series switches.

    Description

    Display information about the local digital certificates and the corresponding public keys installed in the switch.

    Options

    none

    (Same as brief) Display information about all local digital certificates and corresponding public keys.

    brief | detail

    (Optional) Display information about local digital certificates and corresponding public keys for the specified level of output.

    certificate-id certificate-id-name

    (Optional) Display information about only the specified local digital certificate and corresponding public keys.

    system-generated

    (Optional) Display information about the automatically generated self-signed certificate.

    Required Privilege Level

    view

    List of Sample Output

    show security pki local-certificate
    show security pki local-certificate detail

    Output Fields

    Table 1 lists the output fields for the show security pki local-certificate command. Output fields are listed in the approximate order in which they appear.

    Table 1: show security pki local-certificate Output Fields

    | Field Name | Field Description | Level of Output |
    |---|---|---|
    | Certificate identifier | Name of the digital certificate. | All levels |
    | Certificate version | Revision number of the digital certificate. | detail |
    | Serial number | Unique serial number of the digital certificate. | detail |
    | Issued by | Authority that issued the digital certificate. | none brief |
    | Issued to | Device that was issued the digital certificate. | none brief |
    | Issuer | Authority that issued the digital certificate, including details of the authority organized using the distinguished name format. Possible subfields are: Common name—Name of the authority; Organization—Organization of origin; Organizational unit—Department within an organization; State—State of origin; Country—Country of origin. | detail |
    | Subject | Details of the digital certificate holder organized using the distinguished name format. Possible subfields are: Common name—Name of the authority; Organization—Organization of origin; Organizational unit—Department within an organization; State—State of origin; Country—Country of origin. | detail |
    | Alternate subject | Domain name or IP address of the device related to the digital certificate. | detail |
    | Validity | Time period when the digital certificate is valid. Values are: Not before—Start time when the digital certificate becomes valid; Not after—End time when the digital certificate becomes invalid. | All levels |
    | Public key algorithm | Encryption algorithm used with the private key, such as rsaEncryption (1024 bits). | All levels |
    | Public key verification status | Public key verification status: Failed or Passed. The detail output also provides the verification hash. | All levels |
    | Signature algorithm | Encryption algorithm that the CA used to sign the digital certificate, such as sha1WithRSAEncryption. | detail |
    | Fingerprint | Secure Hash Algorithm (SHA1) and Message Digest 5 (MD5) hashes used to identify the digital certificate. | detail |
    | Distribution CRL | Distinguished name information and URL for the certificate revocation list (CRL) server. | detail |
    | Use for key | Use of the public key, such as Certificate signing, CRL signing, Digital signature, or Key encipherment. | detail |

    Sample Output

    show security pki local-certificate

    user@switch> show security pki local-certificate
    Certificate identifier: local-entrust2
      Issued to: router2.juniper.net, Issued by: juniper
      Validity:
        Not before: 2005 Nov 21st, 23:28:22 GMT
        Not after: 2008 Nov 21st, 23:58:22 GMT
      Public key algorithm: rsaEncryption(1024 bits)
      Public key verification status: Passed
    

    show security pki local-certificate detail

    user@switch> show security pki local-certificate detail
    Certificate identifier: local-entrust3
      Certificate version: 3
      Serial number: 4355 94f9
      Issuer:
        Organization: juniper, Country: us
      Subject:
        Organization: juniper, Country: us, Common name: switch1.juniper.net
      Alternate subject: switch1.juniper.net
      Validity:
        Not before: 2005 Nov 21st, 23:33:58 GMT
        Not after: 2008 Nov 22nd, 00:03:58 GMT
      Public key algorithm: rsaEncryption(1024 bits)
      Public key verification status: Passed
        fb:79:df:d4:a9:03:0f:d3:69:7e:c1:e4:27:35:9c:d9:b1:a2:47:78
        d2:6d:f3:e5:f4:68:4f:b3:04:45:88:57:99:82:39:a6:51:9e:5f:42
        23:3f:d7:6e:3d:a5:54:a9:b1:2d:6e:90:dd:12:8a:bf:ef:2b:20:50
        ba:f0:da:d9:0c:ad:5e:d6:c6:98:3a:ae:3f:90:dd:94:78:c1:ea:2e
        7c:f0:2d:d4:79:d4:cd:f0:52:df:5e:72:f2:e7:ae:66:f7:61:f4:bc
        72:57:3e:6c:6d:d3:24:58:8b:f4:ef:da:2a:6a:fa:eb:98:f8:34:84
        79:54:da:4f:d3:6f:52:1f
      Signature algorithm: sha1WithRSAEncryption
      Fingerprint:
        61:3a:d0:b4:7a:16:9b:39:ba:81:3f:9d:ab:34:e5:c8:be:3b:a1:6d (sha1)
        60:a0:ff:58:05:4a:65:73:9d:74:3a:e1:83:6f:1b:c8 (md5)
      Distribution CRL: 
        C=us, O=juniper, CN=CRL1
        http://CA-1/CRL/juniper_us_crlfile.crl
      Use for key: Digital signature
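
The output fields above can be checked mechanically when auditing many switches. The following is an added example, not Juniper code: it parses saved `show security pki local-certificate` output and flags expired certificates, short RSA keys, SHA-1 or MD5 signatures, and a verification status other than Passed. The function names, the 2048-bit minimum, and the weak-hash list are assumptions of this example.

```python
import re
from datetime import datetime, timezone
# Constructed input: the page's detail sample, trimmed to the audited fields.
SAMPLE = """\
Certificate identifier: local-entrust3
  Validity:
    Not after: 2008 Nov 22nd, 00:03:58 GMT
  Public key algorithm: rsaEncryption(1024 bits)
  Public key verification status: Passed
    fb:79:df:d4:a9:03:0f:d3:69:7e:c1:e4:27:35:9c:d9:b1:a2:47:78
  Signature algorithm: sha1WithRSAEncryption
"""

FIELD = re.compile(r"^\s*([A-Z][A-Za-z ]+?):\s*(.*)$")

def parse_certificates(text):
    """Return one dict of 'Field: value' pairs per certificate block."""
    certs = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # hash and fingerprint lines carry no field name
        key, value = m.group(1), m.group(2).strip()
        if key == "Certificate identifier":
            certs.append({})  # each identifier line starts a new certificate
        if certs and value:
            certs[-1][key] = value
    return certs

def parse_time(value):
    """Parse '2008 Nov 22nd, 00:03:58 GMT' into an aware UTC datetime."""
    plain = re.sub(r"(\d)(st|nd|rd|th)\b", r"\1", value)
    return datetime.strptime(plain, "%Y %b %d, %H:%M:%S GMT").replace(tzinfo=timezone.utc)

def audit(cert, now):
    """List findings for one certificate; the thresholds are assumptions."""
    findings = []
    algo = cert.get("Public key algorithm", "")
    bits = re.search(r"\((\d+) bits\)", algo)
    if algo.startswith("rsa") and bits and int(bits.group(1)) < 2048:
        findings.append("weak RSA key: %s bits" % bits.group(1))
    sig = cert.get("Signature algorithm", "")
    if sig.lower().startswith(("sha1", "md5")):
        findings.append("weak signature hash: " + sig)
    if "Not after" in cert and parse_time(cert["Not after"]) < now:
        findings.append("expired: " + cert["Not after"])
    if cert.get("Public key verification status") != "Passed":
        findings.append("public key verification not Passed")
    return findings
```

Signature algorithm appears only at the detail level, so brief output is checked for key size, validity, and verification status only.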
    

    Published: 2012-12-07