[Contents] [Prev] [Next] [Index] [Report an Error]

Obtaining Digital Certificates through SCEP

You can use SCEP to help manage how you obtain digital certificates, or you can manually add certificates.

For information about manually obtaining certificates, see Manually Obtaining Digital Certificates .

To add a signed certificate that you obtain through SCEP:

  1. Request a CA certificate through SCEP.
    user@host> request security get-ca-certificate url url ca_identifier ca_identifier

    where:

    For example, to request a certificate from the CA authority SdxCA at a specified URL on the server security_server: 

    user@host> request security get-ca-certificate url 
http://security_server:8080/ejbca/publicweb/apply/scep/pkiclient.exe 
ca-identifier SdxCA

    
               
    Version: 3
Serial Number: 5721058705923989279
Signature Algorithm: SHA1withRSA
Issuer: CN=SdxCA
Valid From: Wed Sep 06 17:00:55 EDT 2006
Valid Until: Sat Sep 03 17:10:55 EDT 2016
Subject: CN=SdxCA
Public key: RSA
Thumbprint Algorithm: SHA1
Thumbprint: 3c 57 a9 77 af 83 3 e9 c7 1e ee e2 4a e8 ff f3 89 f4 11 a9
Do you want to add the above certificate as a trusted CA [yes,no] ? (no) y
    
               
    
            
    
         
    2. 
         
  2. Request that the certificate authority automatically sign
            the certificate request.
            
    
                  
    
                     
    user@host> request security enroll subject  subject   password  password  
                     
    
                     
    
                  
    
            
    where:
    
            
            
    For example, to request a certificate from
               the CA authority SdxCA at a specified URL on the server security_server:
            
    
               
    user@host> request security enroll url http://security_server:8080/ejbca/publicweb/apply/scep/pkiclient.exe identifier web ca-identifier SdxCA subject cn=myhost password mypassword 
    
               
    
               
    Received certificate:
Version: 3
Serial Number: 6822890691617224432
Signature Algorithm: SHA1withRSA
Issuer: CN=SdxCA
Valid From: Tue Sep 19 16:33:11 EDT 2006
Valid Until: Thu Sep 18 16:43:11 EDT 2008
Subject: CN=myhost
Public key: RSA
Do you want to install the above certificate [yes,no] ? (no) y
    
            
    
         
    3. 
         
  3. Verify that the certificate is part of the SRC configuration.
    
               
    user@host> show security certificate
web subject:CN=myhost
    
               
    
            
    
            
    If there are no certificates on the system, the
               CLI displays the following message:
            
    
               
    No entity certificates in key store
    
            
    
         
    4. 
      

      
Related Topics

      
      

      [Contents]
      [Prev]
      [Next]
      
      [Index]
      
      [Report an Error]
      


         

            

               
               Copyright © 2009, Juniper Networks, Inc.
                  All rights reserved.
                  	Trademark Notice.