- request security pki local-certificate enroll ca-profile ca-profile-name certificate-id certificate-id-name challenge-password password domain-name domain-name subject subject-distinguished-name
- <ip-address ip-address>
- <validity-end-time end-time>
- <validity-start-time start-time>
Command introduced in JUNOS Release 7.5.
(Adaptive services interfaces only) Request that a CA enroll and install a local digital certificate online by using the Simple Certificate Enrollment Protocol (SCEP).
ca-profile ca-profile-name — CA profile name.
certificate-id certificate-id-name — Name of the local digital certificate and the public/private key pair.
challenge-password password — Password set by the administrator and normally obtained from the SCEP enrollment web page of the CA. The password is 16 characters in length.
domain-name domain-name — Fully qualified domain name (FQDN). The FQDN provides the identity of the certificate owner for Internet Key Exchange (IKE) negotiations and provides an alternative to the subject name.
subject subject-distinguished-name — Distinguished name format that contains the common name, department, company name, state, and country:
ip-address ip-address — (Optional) IP address of the router.
validity-end-time end-time — (Optional) Endpoint in time when the digital certificate becomes invalid. You must configure the time in the following format: YYYY-MO-DD.HH:MN:SS. If you do not specify an end time value, the end time is assigned by the default CA policy.
validity-start-time start-time — (Optional) Time at which the digital certificate becomes valid, in the following format: YYYY-MO-DD.HH:MN:SS. If you do not specify the start time value, the current time is used.
Specifying a validity-end-time and a validity-start-time is optional. However, you cannot configure only an end time or a start time. You must configure both an end time and a start time if you do not want to use the default values.
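A pre-flight check for scripts that generate this command, added here as an example and not Juniper code: it enforces the both-or-neither rule for the validity times and the YYYY-MO-DD.HH:MN:SS format, and rejects values that would split or break the command line. The function names, the ST attribute type, and the end-after-start check are assumptions, not taken from this page.

```python
import ipaddress
from datetime import datetime

TIME_FORMAT = "%Y-%m-%d.%H:%M:%S"        # YYYY-MO-DD.HH:MN:SS from the page
DN_KEYS = {"CN", "OU", "O", "ST", "C"}   # ST for state is an assumption


def _token(name, value):
    """Reject values that would split or break the CLI line."""
    if not value or any(ch.isspace() or ch in '"\\' for ch in value):
        raise ValueError(f"{name}: empty or contains whitespace/quotes")
    return value


def _subject(dn):
    """Check each comma-separated component is KEY=value with a known key."""
    for part in dn.split(","):
        key, sep, val = part.partition("=")
        if not sep or key.strip() not in DN_KEYS or not val.strip() or '"' in val:
            raise ValueError(f"subject: bad component {part!r}")
    return f'"{dn}"'


def build_enroll_command(ca_profile, certificate_id, challenge_password,
                         domain_name, subject, ip_address=None,
                         validity_start=None, validity_end=None):
    """Return the command as one string, or raise ValueError."""
    # The page allows both validity times or neither, never just one.
    if (validity_start is None) != (validity_end is None):
        raise ValueError("set both validity times, or neither")
    parts = ["request security pki local-certificate enroll",
             "ca-profile", _token("ca-profile", ca_profile),
             "certificate-id", _token("certificate-id", certificate_id),
             "challenge-password", _token("challenge-password", challenge_password),
             "domain-name", _token("domain-name", domain_name),
             "subject", _subject(subject)]
    if ip_address is not None:
        # ipaddress.ip_address raises ValueError for anything not an IP literal.
        parts += ["ip-address", str(ipaddress.ip_address(ip_address))]
    if validity_start is not None:
        start = datetime.strptime(validity_start, TIME_FORMAT)  # ValueError if malformed
        end = datetime.strptime(validity_end, TIME_FORMAT)
        if end <= start:  # sanity check added here, not stated on the page
            raise ValueError("validity-end-time must be after validity-start-time")
        parts += ["validity-end-time", validity_end,
                  "validity-start-time", validity_start]
    return " ".join(parts)
```

The returned string contains the challenge password in clear text, so a calling script should keep it out of its own logs.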
Required privilege level: maintenance
Related command: show security pki local-certificate
When you enter this command, you are provided feedback on the status of your request.
request security pki local-certificate enroll
user@host> request security pki local-certificate
enroll certificate-id r3-entrust-scep ca-profile entrust domain-name
router3.juniper.net subject "CN=router3,OU=Engineering,O=juniper,C=US"
challenge-password 123
Certificate enrollment has started. To view the status of your enrollment, check the key management process (kmd) log file at /var/log/kmd. Please save the challenge-password for revoking this certificate in future. Note that this password is not stored on the router.