show security pki ca-certificate

Syntax

show security pki ca-certificate<brief | detail><ca-profile ca-profile-name >

Release Information

Command modified in Release 8.5 of Junos OS.

Description

Display information about the certificate authority (CA) public key infrastructure (PKI) digital certificates configured on the device.

Options

none—Display basic information about all configured CA certificates.

brief | detail—(Optional) Display the specified level of output.

ca-profile ca-profile-name- (Optional) Display information about only the specified CA certificate.

Required Privilege Level

view

Related Topics

ca-profile

request security pki ca-certificate verify

Junos System Basics and Services Command Reference

List of Sample Output

show security pki ca-certificate ca-profile juniper brief
show security pki ca-certificate ca-profile juniper detail

Output Fields

Table 137 lists the output fields for the show security pki ca-certificate command. Output fields are listed in the approximate order in which they appear.

Table 137: show security pki ca-certificate Output Fields

Field Name

Field Description

Certificate identifier

Name of the digital certificate.

Certificate version

Revision number of the digital certificate.

Serial number

Unique serial number of the digital certificate.

Issued to

Device that was issued the digital certificate.

Issued by

Authority that issued the digital certificate.

Issuer

Authority that issued the digital certificate, including details of the authority organized using the distinguished name format. Possible subfields are:

  • Organization—Organization of origin.
  • Organizational unit—Department within an organization.
  • Country—Country of origin.
  • Locality—Locality of origin.
  • Common name—Name of the authority.

Subject

Details of the digital certificate holder organized using the distinguished name format. Possible subfields are:

  • Organization—Organization of origin.
  • Organizational unit—Department within an organization.
  • Country—Country of origin.
  • Locality—Locality of origin.
  • Common name—Name of the authority.

Validity

Time period when the digital certificate is valid. Values are:

  • Not before—Start time when the digital certificate becomes valid.
  • Not after—End time when the digital certificate becomes invalid.

Public key algorithm

Encryption algorithm used with the private key, such as rsaEncryption(1024 bits).

Signature algorithm

Encryption algorithm that the CA used to sign the digital certificate, such as sha1WithRSAEncryption.

Fingerprint

Secure Hash Algorithm (SHA1) and Message Digest 5 (MD5) hashes used to identify the digital certificate.

Distribution CRL

Distinguished name information and the URL for the certificate revocation list (CRL) server.

Use for key

Use of the public key, such as Certificate signing, CRL signing, Digital signature, or Data encipherment.

Sample Output

show security pki ca-certificate ca-profile juniper brief

user@host> show security pki ca-certificate ca-profile juniper brief 
  Certificate identifier: kpradeep.juniper.net
    Issued to: kpradeep.juniper.net, Issued by: kpradeep.juniper.net
    Validity:
      Not before: 2005 Jul  8th, 12:44:54 GMT
      Not after: 2010 Jul  8th, 12:46:07 GMT
    Public key algorithm: rsaEncryption(1024 bits)
  Certificate identifier: kpradeep.juniper.net
    Issued to: kpradeep.newra.juniper.net, Issued by: kpradeep.juniper.net
    Validity:
      Not before: 2005 Jul 12th, 12:48:32 GMT
      Not after: 2006 Jul 12th, 12:58:32 GMT
    Public key algorithm: rsaEncryption(1024 bits)
  Certificate identifier: kpradeep.juniper.net
    Issued to: kpradeep.newra.juniper.net, Issued by: kpradeep.juniper.net
    Validity:
      Not before: 2005 Jul 12th, 12:48:32 GMT
      Not after: 2006 Jul 12th, 12:58:32 GMT
    Public key algorithm: rsaEncryption(1024 bits)

Sample Output

show security pki ca-certificate ca-profile juniper detail

user@host> show security pki ca-certificate ca-profile juniper detail 
Certificate identifier: kpradeep.juniper.net
    Certificate version: 3
    Serial number: 1442 8439 1974 7864 6894 2623 4704 6564 1574
    Issuer:
      Common name: kpradeep.juniper.net
    Subject:
      Common name: kpradeep.juniper.net
    Validity:
      Not before: 2005 Jul  8th, 12:44:54 GMT
      Not after: 2010 Jul  8th, 12:46:07 GMT
    Public key algorithm: rsaEncryption(1024 bits)
      e8:ba:49:61:42:c4:3e:81:07:19:8d:cd:38:cc:85:9b:ff:d2:c6:90:04:fa
      18:58:8a:03:59:57:3d:b2:f0:06:62:a7:93:db:4e:8c:5d:6d:14:80:4e:38
      03:69:64:ac:56:cf:72:d7:49:d1:00:45:c8:02:68:fd:e0:af:98:78:b1:b9
      ee:9c:ad:21:f2:9d:7b:06:c4:71:b2:be:f4:e3:58:af:22:3b:ae:dc:1a:5e
      f2:35:2c:0b:49:23:ee:2e:ba:e4:9a:24:f3:ff:01:5c:20:92:1d:76:51:fb
      6b:bb:45:65:2f:db:2b:d7:e5:7d:03:9b:3e:21:88:75:46:5f
    Signature algorithm: sha1WithRSAEncryption
    Fingerprint:
      00:8e:6f:58:dd:68:bf:25:0a:e3:f9:17:70:d6:61:f3:53:a7:79:10 (sha1)
      71:6f:6a:76:17:9b:d6:2a:e7:5a:72:97:82:6d:26:86 (md5)
    Distribution CRL: 
      file://\\multiplex\CertEnroll\kpradeep.juniper.net.crl
      http://multiplex/CertEnroll/kpradeep.juniper.net.crl
    Use for key: CRL signing, Certificate signing, Digital signature
  Certificate identifier: kpradeep.juniper.net
    Certificate version: 3
    Serial number: 9998 7697 0440 0585 1234
    Issuer:
      Common name: kpradeep.juniper.net
    Subject:
      Organization: Juniper Networks, Organizational unit: Pepsi, Country: IN,
      Locality: Bangalore, Common name: kpradeep.newra.juniper.net
    Validity:
      Not before: 2005 Jul 12th, 12:48:32 GMT
      Not after: 2006 Jul 12th, 12:58:32 GMT
    Public key algorithm: rsaEncryption(1024 bits)
      bd:26:77:95:16:23:b4:82:fc:cd:ea:fe:28:41:d4:d3:fd:df:f7:76:03:a6
      23:3a:8a:6e:9e:25:41:e3:96:57:4a:bf:dc:5e:f2:09:a6:07:79:02:f7:40
      1b:b9:79:70:79:65:c8:70:d9:6a:bd:a9:9c:cd:b3:39:80:e5:5a:c7:74:66
      4a:05:b7:3b:ed:7a:99:e9:4b:58:e6:e7:69:9a:79:d4:c1:a5:26:12:5e:8d
      3b:d1:b0:22:df:a9:ba:a2:23:73:21:1b:62:44:72:ad:c0:c3:7c:56:e8:ea
      fe:ae:81:2b:44:8b:fe:da:ea:e3:18:85:bf:05:ea:28:8d:4b
    Signature algorithm: sha1WithRSAEncryption
    Fingerprint:
      46:71:15:34:f0:a6:41:76:65:81:33:4f:68:47:c4:df:78:b8:e3:3f (sha1)
      ee:cc:c7:f4:5d:ac:65:33:0a:55:db:59:72:2c:dd:16 (md5)
    Distribution CRL: 
      file://\\multiplex\CertEnroll\kpradeep.juniper.net.crl
      http://multiplex/CertEnroll/kpradeep.juniper.net.crl
    Use for key: Data encipherment, Key encipherment
  Certificate identifier: kpradeep.juniper.net
    Certificate version: 3
    Serial number: 9998 7666 0817 5841 3062
    Issuer:
      Common name: kpradeep.juniper.net
    Subject:
      Organization: Juniper Networks, Organizational unit: Pepsi, 
                        Country: IN,
      Locality: Bangalore, Common name: kpradeep.newra.juniper.net
    Validity:
      Not before: 2005 Jul 12th, 12:48:32 GMT
      Not after: 2006 Jul 12th, 12:58:32 GMT
    Public key algorithm: rsaEncryption(1024 bits)
      b6:b8:70:5f:c5:c5:c4:6d:be:a5:1e:19:12:b2:d4:8f:44:01:89:aa:66:98
      2d:21:0c:a2:45:04:ac:09:f6:8f:c7:ae:c3:40:d7:f4:b7:d8:8f:f1:21:d0
      c5:f0:b4:ea:05:c6:92:3a:e6:2e:33:0f:7b:a0:e1:de:16:52:13:09:16:91
      01:4a:bb:1e:f5:8d:98:e1:e4:2a:03:81:46:4f:1a:a3:20:4e:4d:5c:6e:f5
      ab:7e:08:81:b3:c0:78:2d:7b:ae:be:db:56:1e:6d:34:1f:a3:20:6e:7f:59
      a0:f1:d6:52:d9:35:5d:0a:f6:b4:ef:97:47:5b:0e:d3:11:2b
    Signature algorithm: sha1WithRSAEncryption
    Fingerprint:
      bc:78:87:9b:a7:91:13:20:71:db:ac:b5:56:71:42:ad:1a:b6:46:17 (sha1)
      23:79:40:c9:6d:a6:f0:ca:e0:13:30:d4:29:6f:86:79 (md5)
    Distribution CRL: 
      file://\\multiplex\CertEnroll\kpradeep.juniper.net.crl
      http://multiplex/CertEnroll/kpradeep.juniper.net.crl
    Use for key: Non repudiation, Digital signature
Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.