 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
Obtain a CA signed certificate by referencing the configured certification-authority statement local . This statement is referenced by the request security certificate enroll filename m subject c=us,0=x alternative subject 1.1.1.1 certification-authority command.
- [edit]
- security {
-
- certificates {
-
- certification-authority local {
- ca-name xyz.company.com;
- file l;
- enrollment-url "http://www.xyzcompany.com";
- }
- }
- }
To obtain a signed certificate from the CA, issue the following command:
- user@host> request security certificate enroll
filename I subject c=uk,o=london alternative-subject
10.50.1.4 certification-authority verisign key-file host-1.prv domain-name host.xyzcompany.com
- CA name: xyz.company.com CA file: ca_verisign
- local pub/private key pair: host.prv
- subject: c=uk,o=london domain name: host.juniper.net
- alternative subject: 10.50.1.4
- Encoding: binary
- Certificate enrollment has started. To see the certificate
enrollment status, check the key management process (kmd) log file
at /var/log/kmd. <--------------
For information about how to use the operational mode commands to obtain a signed certificate, see the JUNOS System Basics and Services Command Reference.
Another way to obtain a signed certificate from the CA is to reference the configured statements such as the URL, CA name, and CA certificate file by means of the certification-authority statement:
- user@host> request security certificate enroll
filename m subject c=us,o=x alternative-subject 1.1.1.1 certification-authority local key-file
y domain-name abc.company.com
| Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |