- request security certificate enroll filename filename subject subject
- alternative-subject alternative-subject certification-authority certification-authority encoding (binary | pem) key-file key-file domain-name domain-name
Command introduced before JUNOS Release 7.4.
(Encryption interface on M Series and T Series routers only) Obtain a signed certificate from a certificate authority (CA). The signed certificate validates the CA and the owner of the certificate. The results are saved in a specified file to the /var/etc/ikecert directory.
filename filename — File that stores the certificate.
subject subject — Distinguished name (dn), which consists of a set of components—for example, an organization (o), an organization unit (ou), a country (c), and a locality (l).
alternative-subject alternative-subject — Tunnel source address.
certification-authority certification-authority — Name of the certificate authority profile in the configuration.
encoding (binary | pem) — File format used for the certificate. The format can be a binary file or privacy-enhanced mail (PEM), an ASCII base64-encoded format. The default format is binary.
key-file key-file — File containing a local private key.
domain-name domain-name — Fully qualified domain name.
maintenance
When you enter this command, you are provided feedback on the status of your request.
request security certificate (signed)
user@host> request security certificate enroll
filename host.crt subject c=uk,o=london alternative-subject 10.50.1.4
certification-authority verisign key-file host-1.prv domain-name host.juniper.net
CA name: juniper.net CA file: ca_verisign local pub/private key pair: host.prv subject: c=uk,o=london domain name: host.juniper.net alternative subject: 10.50.1.4 Encoding: binary Certificate enrollment has started. To view the status of your enrollment, check the key management process (kmd) log file at /var/log/kmd. <--------------