[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

show services ipsec-vpn certificates

Syntax

show services ipsec-vpn certificates
<brief | detail>
<service-set service-set>

Release Information

Command introduced in JUNOS Release 7.5.

Description

(Adaptive services interfaces only) Display local and remote certificates installed in the IPSec configuration memory cache that are used for the IKE negotiation.

Options

none — (same as brief) Display information about local and remote certificates associated with all service sets.

brief | detail — (Optional) Display the specified level of output.

service-set service-set(Optional) Display information about local and remote certificates associated with only the specified service set.

Required Privilege Level

view

List of Sample Output

show security ipsec-vpn certificates
show security ipsec-vpn certificates detail

Output Fields

Table 241 lists the output fields for the show services ipsec-vpn certificates command. Output fields are listed in the approximate order in which they appear.

Table 241: show services ipsec-vpn certificates Output Fields

Field Name

Field Description

Level of Output

Service set

Name of the IPSec service set.

All levels

Total entries

Number of certificate cache entries.

All levels

Certificate cache entry

Identification number of the certificate cache entry.

All levels

Flags

Information about the digital certificate, including whether the certificate is a root certificate and trusted.

none brief

Issued to

Device that was issued the digital certificate.

none brief

Issued by

Authority that issued the digital certificate.

none brief

Certificate version

Revision number of the digital certificate.

detail

Serial number

Unique serial number of the digital certificate.

detail

Alternate subject

Domain name or IP address of the device related to the digital certificate.

All levels

Validity

Time period when the digital certificate is valid. Values are:

  • Not before—Start time when the digital certificate becomes valid.
  • Not after—End time when the digital certificate becomes invalid.

none brief

Public key algorithm

Specifies the encryption algorithm used with the private key, such as rsaEncryption (1024 bits).

detail

Signature algorithm

Encryption algorithm that the CA used to sign the digital certificate, such as sha1WithRSAEncryption.

detail

Fingerprint

Secure Hash Algorithm (SHA1) and Message Digest 5 (MD5) hashes used to identify the digital certificate.

detail

Distribution CRL

Distinguished name information and the URL for the certificate revocation list (CRL) server.

detail

Use for key

Use of the public key, such as Certificate signing, CRL signing, Digital signature, or Key encipherment.

detail

Sample Output

show security ipsec-vpn certificates

user@host> show services ipsec-vpn certificates 
Service set: serviceset-dynamic-BiEspsha3des, Total entries: 3
  Certificate cache entry: 3
    Flags: Non-root Trusted
    Issued to: router3.juniper.net, Issued by: juniper
    Alternate subject: router3.juniper.net
    Validity:
      Not before: 2005 Nov 21st, 23:33:58 GMT
      Not after: 2008 Nov 22nd, 00:03:58 GMT
  
 Certificate cache entry: 2
    Flags: Non-root Trusted
    Issued to: router2.juniper.net, Issued by: juniper
    Alternate subject: router2.juniper.net
    Validity:
      Not before: 2005 Nov 21st, 23:28:22 GMT
      Not after: 2008 Nov 21st, 23:58:22 GMT

  Certificate cache entry: 1
    Flags: Root Trusted
    Issued to: juniper, Issued by: juniper
    Validity:
      Not before: 2005 Oct 18th, 23:54:22 GMT
      Not after: 2025 Oct 19th, 00:24:22 GMT

show security ipsec-vpn certificates detail

user@host> show services ipsec-vpn certificates detail 
Service set: serviceset-dynamic-BiEspsha3des, Total entries: 3
  Certificate cache entry: 3
    Certificate version: 3
    Serial number: 4355 94f9
    Alternate subject: router3.juniper.net
    Public key algorithm: rsaEncryption
    Signature algorithm: sha1WithRSAEncryption
    Fingerprint:
      61:3a:d0:b4:7a:16:9b:39:ba:81:3f:9d:ab:34:e5:c8:be:3b:a1:6d (sha1)
      60:a0:ff:58:05:4a:65:73:9d:74:3a:e1:83:6f:1b:c8 (md5)
    Distribution CRL: 
      C=us, O=juniper, CN=CRL1
      http://CA-1/CRL/juniper_us_crlfile.crl
    Use for key: Digital signature
                    
  Certificate cache entry: 2
    Certificate version: 3
    Serial number: 4355 94f8
    Alternate subject: router2.juniper.net
    Public key algorithm: rsaEncryption
    Signature algorithm: sha1WithRSAEncryption
    Fingerprint:
      30:c3:a4:04:da:33:9d:60:23:5a:48:75:48:2c:f0:c6:96:6c:31:fa (sha1)
      9a:a2:ce:ef:7e:10:80:a0:c8:4d:2f:e7:e1:d3:69:9d (md5)
    Distribution CRL: 
      C=us, O=juniper, CN=CRL1
      http://CA-1/CRL/juniper_us_crlfile.crl
    Use for key: Digital signature
                    
  Certificate cache entry: 1
    Certificate version: 3
    Flags: Root
    Serial number: 4355 9235
    Public key algorithm: rsaEncryption
    Signature algorithm: sha1WithRSAEncryption
    Fingerprint:
      00:8e:6f:58:dd:68:bf:25:0a:e3:f9:17:70:d6:61:f3:53:a7:79:10 (sha1)
      71:6f:6a:76:17:9b:d6:2a:e7:5a:72:97:82:6d:26:86 (md5)
    Distribution CRL: 
      C=us, O=juniper, CN=CRL1
      http://CA-1/CRL/juniper_us_crlfile.crl
    Use for key: CRL signing, Certificate signing
[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

[an error occurred while processing this directive]