[Contents] [Prev] [Next] [Index] [Report an Error]

Obtaining a Signed Certificate from the CA (ES PIC)

To obtain signed certificate from the CA, issue the following command:

user@host> request security certificate enroll filename filename subject c=us,o=x alternative-subject certificate-ip-address certification-authority certificate-authority key-filekey-file-name domain-name domain-name

The results are saved in a specified file to the /var/etc/ikecert directory.

Example: Obtaining a Signed Certificate

Obtain a CA signed certificate by referencing the configured certification-authority statement local . This statement is referenced by the request security certificate enroll filename m subject c=us,0=x alternative subject 1.1.1.1 certification-authority command.

[edit]
security {
certificates {
certification-authority local {
ca-name xyz.company.com;
file l;
enrollment-url "http://www.xyzcompany.com";
}
}
}

To obtain a signed certificate from the CA, issue the following command:

user@host> request security certificate enroll filename I subject c=uk,o=london alternative-subject 10.50.1.4 certification-authority verisign key-file host-1.prv domain-name host.xyzcompany.com
CA name: xyz.company.com CA file: ca_verisign
local pub/private key pair: host.prv
subject: c=uk,o=london domain name: host.juniper.net
alternative subject: 10.50.1.4
Encoding: binary
Certificate enrollment has started. To see the certificate enrollment status, check the key management process (kmd) log file at /var/log/kmd. <--------------

For information about how to use the operational mode commands to obtain a signed certificate, see the JUNOS System Basics and Services Command Reference.

Another way to obtain a signed certificate from the CA is to reference the configured statements such as the URL, CA name, and CA certificate file by means of the certification-authority statement:

user@host> request security certificate enroll filename m subject c=us ,o=x alternative-subject 1.1.1.1 certification-authority local key-file y domain-name abc.company.com
[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.