Example: Manually Loading a CRL onto the Device (CLI)

You can load a CRL manually, or you can have the device load it automatically when you verify certificate validity. To load a CRL manually, you obtain the CRL from a CA and transfer it to the device (for example, using FTP).

Before you begin:

  1. Generate a public and private key pair. See Example: Generating a Public-Private Key Pair (CLI).
  2. Generate a certificate request. See Example: Generating a Local Certificate Request Manually (CLI).
  3. Configure a certificate authority (CA) profile. See Example: Configuring a Certificate Authority Profile (CLI).
  4. Load your certificate onto the device. See Example: Loading CA and Local Certificates Manually (CLI).

With the following command, you load a CRL file called revoke.crl from the /var/tmp directory on the device. The CA profile is called ca-profile-ipsec. (Maximum file size is 5 MB.)

user@host> request security pki crl load ca-profile ca-profile-ipsec filename /var/tmp/revoke.crl

Note: Junos OS supports loading of CA certificates in X509, PKCS #7, DER, or PEM formats.
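A pre-transfer check for the CRL file, run on the workstation before copying it to /var/tmp. This is an added example, not part of the Junos documentation or tooling. It confirms the file is within the 5 MB limit, detects PEM or DER encoding, and reads thisUpdate and nextUpdate so a stale CRL is caught before it is loaded. Assumptions: the file is an RFC 5280 CRL, 5 MB is taken as 5 MiB, and the function name `check_crl` is hypothetical; the CRL signature is not verified here.

```python
import base64, re
from datetime import datetime, timezone

MAX_BYTES = 5 * 1024 * 1024  # the page's 5 MB limit, taken here as 5 MiB (assumption)

def _tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def _time(tag, raw):
    # 0x17 = UTCTime (two-digit year), 0x18 = GeneralizedTime; both end in "Z" in DER
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(raw.decode("ascii"), fmt).replace(tzinfo=timezone.utc)

def check_crl(data, now=None):
    """Check size and outer structure of a CRL; report encoding and validity window."""
    if len(data) > MAX_BYTES:
        raise ValueError("CRL is larger than 5 MB")
    now = now or datetime.now(timezone.utc)
    encoding = "DER"
    pem = re.search(rb"-----BEGIN X509 CRL-----(.+?)-----END X509 CRL-----", data, re.S)
    if pem:
        encoding, data = "PEM", base64.b64decode(pem.group(1))
    tag, start, end = _tlv(data, 0)          # CertificateList
    if tag != 0x30 or end != len(data):
        raise ValueError("not a single DER SEQUENCE")
    tag, pos, tbs_end = _tlv(data, start)    # TBSCertList
    if tag != 0x30:
        raise ValueError("TBSCertList is not a SEQUENCE")
    times = []
    while pos < tbs_end and len(times) < 2:  # version, signature, issuer, then the times
        tag, v_start, v_end = _tlv(data, pos)
        if tag in (0x17, 0x18):
            times.append(_time(tag, data[v_start:v_end]))
        elif times:
            break                            # nextUpdate is optional and absent here
        pos = v_end
    if not times:
        raise ValueError("no thisUpdate field found")
    next_update = times[1] if len(times) == 2 else None
    return {"encoding": encoding, "this_update": times[0], "next_update": next_update,
            "stale": next_update is not None and now > next_update}
```

Call it as `check_crl(open("revoke.crl", "rb").read())`; a `stale` result of `True` means the CA has already published a newer CRL and the file should be fetched again before loading.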
