show ipsec certificates
Syntax
Release Information
Command introduced before JUNOS Release 7.4.
Description
(Encryption interface on M Series and T Series routers only) Display information about the IPsec certificate database.
Options
- none
Display standard information about all of the entries in the IPsec certificate database.
- brief | detail
(Optional) Display the specified level of output.
- crl crl-name | serial-number
(Optional) Display information about the entries on the certificate revocation list (CRL) or for the specified serial number. A CRL is a timestamped list identifying revoked certificates. The CRL is signed by a certificate authority (CA) or CRL issuer and made freely available in a public repository. Each revoked certificate is identified in a CRL by its certificate serial number.
Required Privilege Level
view
List of Sample Output
show ipsec certificates detail
Output Fields
Table 257 lists the output fields for the show ipsec certificates command. Output fields are listed in the approximate order in which they appear.
Table 257: show ipsec certificates Output Fields
Field Name | Field Description | Level of Output |
|---|---|---|
Database | Display information about the IPsec certificate database. | All levels |
Subject | Distinguished name for the certificate for C, O, CN, as described in RFC 3280, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. | All levels |
ID | Identification number of the database entry. The ID is generated by the internal certificate database. | All levels |
References | Reference number the certificate manager has for the particular entry. | detail |
Serial | Unique serial number assigned to each certificate by the CA. | All levels |
Flags | State of the certificate. | detail |
Validity period starts | Time at which the certificate's validity period begins, in the format yyyy mon dd, hh:mm:ss GMT. | detail |
Validity period ends | Time at which the certificate's validity period ends, in the format yyyy mon dd, hh:mm:ss GMT. | detail |
Alternative name information | Auxiliary identity for the certificate: dns-name, email-address, ip-address, or uri (uniform resource identifier). | detail |
Issuer | Information about the entity that has signed and issued the CRL as described in RFC 2459, Internet X.509 Public Key Infrastructure Certificate and CRL Profile. | detail |
Sample Output
show ipsec certificates detail
user@host> show ipsec certificates detail
Database: Total entries: 3 Active entries: 4 Locked entries: 1
Subject: C=us, O=x
ID: 5, References: 0, Serial: 22314868
Flags: Trusted Non-root Crl-issuer
Validity period starts: 2003 Mar 1st, 01:20:42 GMT
Validity period ends: 2003 Mar 31st, 01:50:42 GMT
Alternative name information:
IP address: 10.20.210.1
Issuer: C=FI, O=Company-ABC, CN=Company ABC class 2
Subject: C=us, O=x
ID: 4, References: 0, Serial: 22315496
Flags: Trusted Non-root Crl-issuer
Validity period starts: 2003 Mar 1st, 01:21:45 GMT
Validity period ends: 2003 Mar 31st, 01:51:45 GMT
Alternative name information:
IP address: 10.20.210.20
Issuer: C=FI, O=Company-ABC, CN=Company ABC class 2
Subject: C=FI, O=SSH Company-ABC, CN=Company ABC class 2
ID: 1, References: 1, Serial: 1538512
Flags: Trusted Root Non-crl-issuer
Validity period starts: 2001 Aug 1st, 07:08:32 GMT
Validity period ends: 2004 Aug 1st, 07:08:32 GMT
Alternative name information:
Email address: certifier-support@ssh.com
Issuer: C=FI, O=Company-ABC, CN=Company ABC class 2
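
The following is an added example, not part of the original command reference or any Juniper tooling: it parses saved `show ipsec certificates detail` text in the layout shown above and classifies each entry's validity period against a reference time, so expired or soon-to-expire certificates can be flagged in an audit. The function names, dictionary keys, and the 30-day warning window are assumptions made for this example; the input is abridged from the sample output on this page.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed input: abridged from the sample output on this page.
SAMPLE = """\
Database: Total entries: 3 Active entries: 4 Locked entries: 1
Subject: C=us, O=x
ID: 5, References: 0, Serial: 22314868
Flags: Trusted Non-root Crl-issuer
Validity period starts: 2003 Mar 1st, 01:20:42 GMT
Validity period ends: 2003 Mar 31st, 01:50:42 GMT
Alternative name information:
IP address: 10.20.210.1
Subject: C=FI, O=SSH Company-ABC, CN=Company ABC class 2
ID: 1, References: 1, Serial: 1538512
Flags: Trusted Root Non-crl-issuer
Validity period starts: 2001 Aug 1st, 07:08:32 GMT
Validity period ends: 2004 Aug 1st, 07:08:32 GMT
"""

def parse_time(text):
    # "2003 Mar 31st, 01:50:42 GMT" -> aware UTC datetime (ordinal suffix removed first).
    day_fixed = re.sub(r"(\d+)(?:st|nd|rd|th),", r"\1", text.strip())
    return datetime.strptime(day_fixed, "%Y %b %d %H:%M:%S GMT").replace(tzinfo=timezone.utc)

def parse_certificates(output):
    """Return one dict per certificate entry; each 'Subject:' line opens a new entry."""
    entries = []
    for line in map(str.strip, output.splitlines()):
        key, _, value = line.partition(": ")
        if key == "Subject":
            entries.append({"subject": value})
        elif entries and key == "ID":
            entries[-1]["id"] = int(value.split(",")[0])
        elif entries and key == "Flags":
            entries[-1]["flags"] = value.split()
        elif entries and key.startswith("Validity period"):
            entries[-1][key.split()[-1]] = parse_time(value)  # key "starts" or "ends"
    return entries

def validity_status(entry, now, warn_days=30):
    """Classify one entry against 'now' (an aware UTC datetime)."""
    if now < entry["starts"]:
        return "not yet valid"
    if now > entry["ends"]:
        return "expired"
    if entry["ends"] - now <= timedelta(days=warn_days):
        return "expiring soon"
    return "valid"
```

Lines the parser does not recognize, such as the `Database:` summary and the alternative name block, are skipped rather than treated as errors.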