Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


show security pki statistics



Display standard PKI statistics.



Required Privilege Level


Output Fields

Table 1 lists the output fields for the show security ipsec statistics command.

Table 1: show security ipsec statistics Output Fields
Field Name Field Description
iked_msgs_inv Invalid messages from iked process.
iked_msgs_rxd Messages received from iked process.
iked_msgs_txd Messages sent to iked process.
cc_kp_req Certificate chain keypair requests.
cc_kp_success Certificate chain keypair success.
cc_kp_fail Certificate chain keypair fails (counter of no of certificate key-pair get failure).
cc_id_ip Peer ID type is IP.
cc_id_dn Peer ID type is DN (Domain Name).
cc_id_fqdn Peer ID type is FQDN( Fully Qualified Domain Name).
cc_id_user_fqdn User ID type is FQDN.
cc_verify_req Number of certificate chain verification requests.
cc_verify_success Number of successful certificate verifications.
cc_verify_fail Number of failed certificate verifications
cc_inv_ids IKE IDs did not match EE sub-alt-name .
cc_inv_cert_count Invalid number of CA's in the certificate request.
ocsp_requests_duplicate OCSP duplicate requests.
ocsp_requests_sent OCSP requests sent.
ocsp_resp_success Successful OCSP response.
ocsp_resp_timeout OCSP response timed out.
ocsp_action_fail OCSP next action failed on connection failure.
ocsp_get_req_fail Failed to get OCSP request for a certificate.
ocsp_resp_malformed_req Malformed OCSP response.
ocsp_resp_internal_error OCSP response has an internal error.
ocsp_this_update_failed OCSP response is not valid yet.
ocsp_next_update_failed Invalid next update time in OCSP response.
ocsp_resp_try_later Busy OCSP responder or server. Try again later.
ocsp_resp_sign_required OCSP responder requires signed request.
ocsp_sign_verify_failed OCSP responder signature verification failed.
ocsp_http_parse_error HTTP parsing error for OCSP response.
ocsp_missing_cert_id OCSP response does not have responses for given certificate.
ocsp_resp_unauthorized The OCSP responder does not accept requests from unauthorized clients.
ocsp_rev_status_success OCSP certificate revocation check success.
ocsp_rev_status_revoked OCSP certificate is revoked.
ocsp_rev_status_unknown OCSP certificate revocation status is unknown.
ocsp_nonce_check_failed Nonce check failed for OCSP responder.
crl_entries_created Number of CRL entry created.
crl_entries_deleted Number of CRL entry deleted.
mem_alloc_fails Memory allocation failure.
crl_requests_sent Number of CRL requests sent.
crl_responses_rcd Number of CRL responses received.
crl_download_stop Number of CRL downloads stopped.
crl_timer_start Number of times CRL timer started.
crl_timer_stop Number of times CRL timer stopped.
crl_revoked_certs Number of times certificates revoked due to CRl check.
crl_revoke_skip Number of times CRL revocation check is skipped.
crl_larger_size Received large CRL file greater than maximum file size limit.
crl_download_failed Number of CRL download failures.
crl_mem_alloc_fails Number of CRL entry memory allocation failures.
crl_timer_mem_alloc_fails Number of CRL timer memory allocation failures.
cmpv2_resp_invalid Number of Invalid CMPv2 responses.
cmpv2_resp_invalid_status Failed to get valid CMPv2 response.
cmpv2_resp_http_failed HTTP parsing failed for CMPv2 response.
cmpv2_resp_validation_failed Number of CMPv2 response validation failures.
cmpv2_resp_null Number of NULL CMPv2 response received.
cmpv2_resp_ca_cert_validation_failed Number of CMPv2 CA certificate validation success.
cmpv2_resp_kup_ca_cert_missing CA certificate not found to validate CMPv2 response.
cmpv2_resp_kup_ee_cert_missing EE or local certificate not found to validate CMPv2 response.
cmpv2_resp_null_poll_resp CMPv2 poll-response is null.
cmpv2_resp_no_trusted_ca Trusted CA is not available to validate received CA in CMPv2 response.
cmpv2_resp_success Received valid CMPv2 response.
cmpv2_ctx_set_caPubs_failed Failed to set ca-certificates received flag in CMPv2 context.
cmpv2_ctx_set_extraCerts_failed Failed to set extraCerts field in CMPv2 context.
cmpv2_load_local_failed CMPv2 local certificate load has failed.
cmpv2_load_ca_failed CMPv2 CA certificate load has failed.
cmpv2_poll_reached_max_retries No response from CMPv2 server after maximum configured retries.
cmpv2_send_req_failed Failed to send CMPv2 requests.
cmpv2_resp_nonce_check_failed CMPv2 responder nonce check failed.
cmpv2_resp_stack_missing_issuer Failed to get Issuer certificate for CMPv2 local certificate.
cmpv2_enroll_keypair_missing CMPv2 Keypair does not exist for certificate.
cmpv2_auto_reenroll_new_keypair_missing New key missing during CMPv2 auto-reenrollment.
cmpv2_auto_reenroll_keypair_missing Key pair missing during CMPv2 auto-reenrollment.
cmpv2_auto_reenroll_cert_missing Local certificate is missing during CMPv2 auto-reenrollment.
cmpv2_auto_reenroll_ca_profile_missing CA profile configuration missing during CMPv2 auto-reenrollment.
cmpv2_send_http_req_failed Failed to send CMPv2 HTTP request.
cmpv2_context_init_failed CMPv2 context initialization failed.
cmpv2_context_search_failed CMpv2 context search failed.
cmpv2_context_search_invalid_input CMpv2 context search failed: due to invalid inputs.
cmpv2_context_create_invalid_input CMPv2 context creation failed due to invalid inputs.
cmpv2_context_create_context_exists CMPv2 context creation failed as CMPv2 context already exists.
cmpv2_context_freed CMPv2 context freed.
cmpv2_gen_http_req_i2d_failed: CMPv2 message into DER format failed.
cmpv2_gen_http_req_invalid_pkt_len CMPv2 HTTP request length is invalid.
cmpv2_gen_http_req_failed Failed to generate CMPv2 HTTP request
cmpv2_gen_http_req_invalid_msg_len Failed to generate CMPv2 HTTP request: invalid message length.
cmpv2_search_timer_invalid_input Failed to get CMPv2 timer entry: invalid input.
cmpv2_search_timer_failed Failed to get CMPv2 timer entry.
cmpv2_stop_timer_failed Failed to stop CMPv2 timer.
cmpv2_start_timer_failed Failed to start CMPv2 timer.
cmpv2_send_message_failed Failed to send CMPv2 request to server.
cmpv2_connection_failed Failed to connect to CMPv2 server.
mem_alloc_failed pkid_malloc - failed to allocate memory.
mem_alloc_type_invalid pkid_malloc - invalid type parameter.
mem_free_type_invalid pkid_free - invalid type parameter.
mem_free_alloc_external pkid_free - not allocated by pkid_malloc.
ldap_state_pending_release Pending LDAP state.
ldap_state_released LDAP state is released or freed.
scep_state_pending_release LDAP state needs to be released.
scep_state_released SCEP state structure released or freed.
scep_state_pkey3_initialised SCEP state keypair initialized.
scep_state_pkey3_added Added SCEP state keypair.
scep_state_pkey3_deleted Deleted SCEP state keypair.
scep_ca_query_send_fail Failed to send SCEP request to server.
scep_x509_lu_ca_obj_case: Received SCEP CA certificate case.
scep_x509_lu_pkey_rs_ds_obj_case Received SCEP keypair case.
scep_err_p_subject_is_null Missing subject in SCEP cert request.
scep_p_err_keypair_is_null Keypair missing for certificate during SCEP process.
scep_free_cert_req Freed SCEP certificate request.
scep_reenroll_free_cert_req_info Freed SCEP certificate request information during SCEP re-enrollment.
crl_state_pending_release SCEP CRL check pending.
crl_state_released SCEP CRL state freed.
ca_cert_issuer_verification_fail Failed to CA certificate for given CA.
ae_cn_for_ca_cert_fail Failed to get CA name for given CA certificate.
ae_cn_for_local_cert_fail Failed to get CA name for given local certificate.
ae_get_cert_dn_fail Failed to get subject DN field for given certificate id.
ae_x509_issuer_fail Failed to get issuer certificate for given local certificate.
tpm_ae_key_null TPM key is missing.
tpm_ae_key_gen_fail TPM key generation failed.
tpm_key_gen_failure_uncaught TPM key generation failure not captured.
pkid_db_open PKI configuration DB is opened.
pkid_db_close PKI configuration DB is closed
pkid_db_close_fail Failed to close PKI configured DB.
tpm_ae_success_failure TPM: failed to store keypair to file.
tpm_pkid_opendir_fail Failed to open keypair directory in case of TPM.
hsm_session_create_success HSM session creation success.
hsm_session_create_failure HSM session creation failure.
hsm_key_create_success HSM key creation success.
hsm_key_create_failure HSM key creation failed.
hsm_key_sign_success HSM signature sign success.
hsm_key_sign_failure HSM signature sign failed.
hsm_cert_sign_verify_success HSM signature verification success.
hsm_cert_sign_verify_failure HSM signature verification failed.
hsm_pki_to_ike_success HSM keypair sent to iked process.
hsm_pki_to_ike_failure HSM keypair sent to IKED failed.
hsm_key_sign_verify_failure HSM: private key signing failed at HSM.
hsm_function_initialize_failure: HSM initialization function failed.
hsm_pub_key_retrieval_failure HSM failed to retrieve public key.
hsm_cleanup_failure HSM failed to cleanup data structures.
hsm_session_sign_re_create_success Re-create HSM signature for given session.
hsm_session_sign_re_create_failure Re-create HSM signature for the given session failed.
hsm_ss_key_sign_success HSM self-signed key signature success.
hsm_ss_key_sign_failure HSM self-signed key signature failure.
hsm_ae_local_cert_delete_failure HSM local certificate deletion failure.
hsm_ae_local_cert_verif_failure HSM local certificate verification failure.
hsm_ss_cert_load_failure HSM failed to load the self-signed certificate.
hsm_dummy_key_delete_fail HSM failed to create dummy keypair.
pkid_ha_file_replicate_fail HSM failed to copy file to other node.
pkid_mnha_ae_cert_load_fail MNHA certificate load failed.
pkid_mnha_ae_cert_verification_fail MNHA certificate verification failed.
mnha_file_sync_fail MNHA failed to synchronize file to other node.
kqueue_init_error kqueue initialization failure.
kqueue_cacert_hash_alloc_fail kqueue failed to generate memory for CA certificate hash.
kqueue_cacert_file_open_fail kqueue: failed to open CA certificate file.
kqueue_cacert_start_fail kqueue failed.
kqueue_cacert_kevent_fail kqueue: failed to add kevent.
kqueue_cacert_handler_register_fail kqueue: CA certificate handler function failed.
kqueue_cacrl_hash_alloc_fail kqueue: failed to allocate memory for CRL hash.
kqueue_cacrl_file_open_fail kqueue: failed to open CRL file.
kqueue_cacrl_start_fail kqueue: failed to get CRL.
kqueue_cacrl_kevent_fail kqueue: failed to add kevent for CRL.
kqueue_cacrl_handler_register_fail kqueue: CRL handler function failed.
kqueue_untrusted_ca_hash_alloc_fail kqueue: failed to allocate memory for untrusted CA certificate hash.
kqueue_untrusted_ca_file_open_fail kqueue: failed to open untrusted CA certificate file.
kqueue_untrusted_ca_start_fail kqueue failed for untrusted CA certificate.
kqueue_untrusted_ca_kevent_fail kqueue failed to add untrusted CA certificate event .
kqueue_untrusted_ca_handler_register_fail kqueue: untrusted CA handler function failed.
kqueue_eecert_hash_alloc_fail kqueue: failed to allocate memory for local certificate hash.
kqueue_eecert_file_open_fail kqueue: failed to open local certificate file.
kqueue_eecert_start_fail kqueue: failed to get local certificate.
kqueue_eecert_kevent_fail kqueue failed to add local certificate event.
kqueue_eecert_handler_register_fail kqueue: local certificate handler function failed.
kqueue_key_hash_alloc_fail kqueue: failed to allocate memory for keypair hash.
kqueue_key_file_open_fail kqueue: failed to open keypair file.
kqueue_key_start_fail kqueue: failed to get keypair.
kqueue_key_kevent_fail kqueue failed to add keypair kevent.
kqueue_key_handler_register_fail kqueue: keypair handler function failed.
pkid_certchain_cacert_fail Cannot find the signing certificate in the certificate store.
pkid_certs_less_than_min The chain has less than two certificates. A chain must contain a minimum of two certificates.
pkid_untrust_certs_less_than_min The untrusted certificate chain has less than two certificates.
pkid_ocsp_cert_issuer_null OCSP failed to get the certificate issuer name.

Sample Output

show security ipsec statistics (MX240, MX480, MX960, SRX Series Firewalls and vSRX Virtual Firewall)

Release Information

Command introduced in Junos OS Release 21.4R1.