request security pki local-certificate enroll
Syntax
Release Information
Command introduced in Junos OS Release 7.5.
Description
(Adaptive services interfaces only) Request that a CA enroll and install a local digital certificate online by using the Simple Certificate Enrollment Protocol (SCEP).
Options
- ca-profile ca-profile-name
CA profile name.
- certificate-id certificate-id-name
Name of the local digital certificate and the public/private key pair.
- challenge-password password
Password set by the administrator and normally obtained from the SCEP enrollment web page of the CA. The password is 16 characters in length.
- domain-name domain-name
Fully qualified domain name (FQDN). The FQDN provides the identity of the certificate owner for Internet Key Exchange (IKE) negotiations and provides an alternative to the subject name.
- subject subject-distinguished-name
Distinguished name format that contains the common name, department, company name, state, and country:
- CN—Common name
- OU—Organizational unit name
- O—Organization name
- ST—State
- C—Country
- ip-address ip-address
(Optional) IP address of the router.
- validity-end-time end-time
(Optional) Endpoint in time when the digital certificate becomes invalid. You must configure the time in the following format: YYYY-MO-DD.HH:MN:SS. If you do not specify an end time value, the end time is assigned by the default CA policy.
- YYYY—Year (for example, 2005)
- MO—Month (01 through 12)
- DD—Day (01 through 31)
- HH—Hours (00 through 23)
- MN—Minutes (00 through 59)
- SS—Seconds (00 through 59)
- validity-start-time start-time
(Optional) Time at which the digital certificate becomes valid, in the following format: YYYY-MO-DD.HH:MN:SS. If you do not specify a start time, the current time is used.
- YYYY—Year (for example, 2005)
- MO—Month (01 through 12)
- DD—Day (01 through 31)
- HH—Hours (00 through 23)
- MN—Minutes (00 through 59)
- SS—Seconds (00 through 59)
Additional Information
Specifying a validity-end-time and a validity-start-time is optional. However, you cannot configure only an end time or a start time. You must configure both an end time and a start time if you do not want to use the default values.
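The validity-time rule and time format above can be checked before the command is sent to a router. The following Python helper is an added example, not part of the Junos documentation; the function names, the option order (taken from the sample output), the rejection of double quotes in the subject, and the check that the end time falls after the start time are assumptions of this example.

```python
from datetime import datetime

# Time format from the option descriptions: YYYY-MO-DD.HH:MN:SS
TIME_FORMAT = "%Y-%m-%d.%H:%M:%S"


def parse_validity_time(value):
    """Return a datetime, or raise ValueError if the value is malformed or out of range."""
    parsed = datetime.strptime(value, TIME_FORMAT)
    # strptime accepts unpadded fields such as "2005-1-01"; require the exact layout
    if parsed.strftime(TIME_FORMAT) != value:
        raise ValueError(f"{value!r} is not in YYYY-MO-DD.HH:MN:SS form")
    return parsed


def build_enroll_command(certificate_id, ca_profile, domain_name, subject,
                         challenge_password, start_time=None, end_time=None,
                         ip_address=None):
    """Build the enroll command line (hypothetical helper for this example)."""
    # The page's rule: both validity times, or neither
    if (start_time is None) != (end_time is None):
        raise ValueError("set both validity-start-time and validity-end-time, or neither")
    if '"' in subject:  # assumption: keep the quoted subject argument intact
        raise ValueError("subject must not contain a double quote")
    parts = [
        "request security pki local-certificate enroll",
        f"certificate-id {certificate_id}",
        f"ca-profile {ca_profile}",
        f"domain-name {domain_name}",
        f'subject "{subject}"',
        f"challenge-password {challenge_password}",
    ]
    if ip_address is not None:
        parts.append(f"ip-address {ip_address}")
    if start_time is not None:
        start = parse_validity_time(start_time)
        end = parse_validity_time(end_time)
        if end <= start:  # assumption: ordering check added by this example
            raise ValueError("validity-end-time must be later than validity-start-time")
        parts.append(f"validity-start-time {start_time}")
        parts.append(f"validity-end-time {end_time}")
    return " ".join(parts)


if __name__ == "__main__":
    # Constructed input reusing the names from the page's sample output
    print(build_enroll_command("r3-entrust-scep", "entrust", "router3.juniper.net",
                               "CN=router3,OU=Engineering,O=juniper,C=US", "123"))
```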
Required Privilege Level
maintenance
List of Sample Output
request security pki local-certificate enroll
Output Fields
When you enter this command, you are provided feedback on the status of your request.
Sample Output
request security pki local-certificate enroll
user@host> request security pki local-certificate
enroll certificate-id r3-entrust-scep ca-profile entrust domain-name
router3.juniper.net subject "CN=router3,OU=Engineering,O=juniper,C=US"
challenge-password 123
Certificate enrollment has started. To view the status of your enrollment, check the key management process (kmd) log file at /var/log/kmd. Please save the challenge-password for revoking this certificate in future. Note that this password is not stored on the router.
