Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


show security pki crl



Display information about the certificate revocation lists (CRLs) that are stored in the router.



(same as brief) Display information about all CRLs.

brief | detail

(Optional) Display the specified level of output.

ca-profile ca-profile-name

(Optional) Display CRL information about only the specified CA profile.

Required Privilege Level


Output Fields

Table 1 shows the output fields for the show security pki crl command. Output fields are listed in the approximate order in which they appear.

Table 1: show security pki crl Output Fields

Field Name

Field Description

Level of Output

CA profile

Name of the configured CA profile.

All levels

CRL version

Revision number of the certificate revocation list.

All levels

CRL number

Number of the certificate revocation list

All levels

CRL Issuer

Device that was issued the certificate revocation list.

All levels


Details of the digital certificate holder organized using the distinguished name format. Possible subfields are:

  • Common name—Name of the authority.

  • Organization—Organization of origin.

  • Organizational unit—Department within an organization.

  • State—State of origin.

  • Country—Country of origin.


Effective date

Date and time the certificate revocation list becomes valid.

All levels

Next update

Date and time the router will download the latest version of the certificate revocation list.

All levels

Revocation List

List of digital certificates that have been revoked before their expiration date. Values are:

  • Serial number—Unique serial number of the digital certificate

  • Revocation date—Date and time that the digital certificate was revoked.


Sample Output

show security pki crl

show security pki crl detail

Release Information

Command introduced in Junos OS Release 8.1.