request security pki ca-certificate ca-profile-group load

Syntax

Description

For SSL forward proxy, you need to load trusted CA certificates on your system. By default, Junos OS provides a list of trusted CA certificates that include default certificates used by common browsers. Alternatively, you can define your own list of trusted CA certificates and import them on to your system.

Use this command to load the default certificates or to specify a path and filename of trusted CA certificates that you define.

The default option is not supported on PTX10003-80C, PTX10003-160C, and PTX10008 routers.

Starting in Junos OS Release 21.4R1, you can get the status of CA certificates configured under default CA profile group by executing request security pki ca-profile-group-status command . With request security pki ca-profile-group-status command, you can verify the number of CA certificates loaded and number of CA certificates missing within a CA profile group.

Starting in Junos OS Release 23.2R1, when you configure dynamic update of trusted ca bundle using the statement default-trusted-ca-certs (Security), the process of loading the default trusted CA certs happens in the background and you need not explicitly run this command for the option filename default. During this process, PKID response might slow for few minutes.

Options

ca-group-name `ca-group-name`	Load the specified CA group profile.
filename `path/filename`	Directory location and filename of the trusted CA certificates defined by you.
filename default	Load the trusted CA certificates available by default.

Required Privilege Level

maintenance

Output Fields

When you enter this command, you are provided feedback on the status of your request.

Sample Output