request security pki generate-certificate-request
Syntax
Release Information
Command introduced in Junos OS Release 7.5.
Description
(Adaptive services interfaces only) Manually generate a local digital certificate request in the Public-Key Cryptography Standards #10 (PKCS-10) format.
Options
- certificate-id certificate-id-name
Name of the local digital certificate and the public/private key pair.
- domain-name domain-name
Fully qualified domain name (FQDN). The FQDN provides the identity of the certificate owner for Internet Key Exchange (IKE) negotiations and provides an alternative to the subject name.
- subject subject-distinguished-name
Distinguished name format that contains the common name, department, company name, state, and country:
- CN—Common name
- OU—Organizational unit name
- O—Organization name
- ST—State
- C—Country
- filename (path | terminal)
(Optional) Location where the local digital certificate request should be placed or the login terminal.
- ip-address ip-address
(Optional) IP address of the router.
- validity-end-time end-time
(Optional) End time that the digital certificate is valid, in the format YYYY-MM-DD.hh:mm:ss. If you do not specify an end time value, the end time is assigned by the default CA policy.
- YYYY—Year (for example, 2005)
- MM—Month (01 through 12)
- DD—Day (01 through 31)
- hh—Hours (00 through 23)
- mm—Minutes (00 through 59)
- ss—Seconds (00 through 59)
- validity-start-time start-time
(Optional) Start time that the digital certificate is valid, in the format YYYY-MM-DD.hh:mm:ss. If you do not specify the start time value, the current time is used.
- YYYY—Year (for example, 2005)
- MM—Month (01 through 12)
- DD—Day (01 through 31)
- hh—Hours (00 through 23)
- mm—Minutes (00 through 59)
- ss—Seconds (00 through 59)
Required Privilege Level
maintenance
List of Sample Output
request security pki generate-certificate-requestOutput Fields
When you enter this command, you are provided feedback on the status of your request.
Sample Output
request security pki generate-certificate-request
user@host> request security pki generate-certificate-request
certificate-id local-entrust2 domain-name router2.juniper.net filename
entrust-req2 subject cn=router2.juniper.netGenerated certificate request -----BEGIN CERTIFICATE REQUEST----- MIIBoTCCAQoCAQAwGjEYMBYGA1UEAxMPdHAxLmp1bmlwZXIubmV0MIGfMA0GCSqG SIb3DQEBAQUAA4GNADCBiQKBgQCiUFklQws1Ud+AqN5DDxRs2kVyKEhh9qoVFnz+ Hz4c9vsy3B8ElwTJlkmIt2cB3yifB6zePd+6WYpf57Crwre7YqPkiXM31F6z3YjX H+1BPNbCxNWYvyrnSyVYDbFj8o0Xyqog8ACDfVL2JBWrPNBYy7imq/K9soDBbAs6 5hZqqwIDAQABoEcwRQYJKoZIhvcNAQkOMTgwNjAOBgNVHQ8BAf8EBAMCB4AwJAYD VR0RAQH/BBowGIIWdHAxLmVuZ2xhYi5qdW5pcGVyLm5ldDANBgkqhkiG9w0BAQQF AAOBgQBc2rq1v5SOQXH7LCb/FdqAL8ZM6GoaN5d6cGwq4bB6a7UQFgtoH406gQ3G 3iH0Zfz4xMIBpJYuGd1dkqgvcDoH3AgTsLkfn7Wi3x5H2qeQVs9bvL4P5nvEZLND EIMUHwteolZCiZ70fO9Fer9cXWHSQs1UtXtgPqQJy2xIeImLgw== -----END CERTIFICATE REQUEST----- Fingerprint: 0d:90:b8:d2:56:74:fc:84:59:62:b9:78:71:9c:e4:9c:54:ba:16:97 (sha1) 1b:08:d4:f7:90:f1:c4:39:08:c9:de:76:00:86:62:b8 (md5)
