[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

request security certificate (signed)

Syntax

request security certificate enroll filename filename subject subject
alternative-subject alternative-subject certification-authority certification-authority encoding (binary | pem) key-file key-file domain-name domain-name

Release Information

Command introduced before JUNOS Release 7.4.

Description

(Encryption interface on M Series and T Series routers only) Obtain a signed certificate from a certificate authority (CA). The signed certificate validates the CA and the owner of the certificate. The results are saved in a specified file to the /var/etc/ikecert directory.

Options

filename filenameFile that stores the certificate.

subject subjectDistinguished name (dn), which consists of a set of components—for example, an organization (o), an organization unit (ou), a country (c), and a locality (l).

alternative-subject alternative-subjectTunnel source address.

certification-authority certification-authorityName of the certificate authority profile in the configuration.

encoding (binary | pem) — File format used for the certificate. The format can be a binary file or privacy-enhanced mail (PEM), an ASCII base64-encoded format. The default format is binary.

key-file key-fileFile containing a local private key.

domain-name domain-nameFully qualified domain name.

Required Privilege Level

maintenance

List of Sample Output

request security certificate (signed)

Output Fields

When you enter this command, you are provided feedback on the status of your request.

Sample Output

request security certificate (signed)

user@host> request security certificate enroll filename host.crt subject c=uk,o=london alternative-subject 10.50.1.4 certification-authority verisign key-file host-1.prv domain-name host.juniper.net
CA name: juniper.net CA file: ca_verisign 
local pub/private key pair: host.prv 
subject: c=uk,o=london domain name: host.juniper.net 
alternative subject: 10.50.1.4 
Encoding: binary 
Certificate enrollment has started. To view the status of your enrollment, check the key management process (kmd) log file at /var/log/kmd. <-------------- 

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]