Example: Generating a Public-Private Key Pair (CLI)

When you generate a public-private key pair, the device automatically saves the key pair in a file in the certificate store, where it is subsequently used in certificate request commands.

If the device renews a large number of certificates at once and therefore uses up keys rapidly, it might run out of pregenerated keys and have to generate them on demand for each new request. In this case, key generation might affect the performance of the device, especially in a high-availability environment, where the device might slow down for a number of minutes.

You must have root-level privileges to generate a public-private key pair. When you generate a public-private key pair on the device, the generated key pair is saved as certificate-id.priv.

To generate a public-private key pair named, for example, ca-ipsec, with the default key size of 1024 bits, enter the following command:

user@host> request security pki generate-key-pair certificate-id ca-ipsec

Note: The default RSA key size is 1024 bits. If you are using the Simple Certificate Enrollment Protocol (SCEP), Junos OS supports RSA only.
