cert-file (Scripts)
Syntax
cert-file path;
Hierarchy Level
[edit event-options event-script file filename], [edit system extensions extension-service application file filename], [edit system scripts commit file filename], [edit system scripts op file filename], [edit system scripts snmp file filename]
Description
Specify the certificate file (Root CA or self-signed) that the device uses to validate the server's certificate when you refresh a local script from an HTTPS server.
When you issue the set refresh or set refresh-from configuration mode command to refresh a single script or all scripts of a given type from an HTTPS server, the device uses the certificate configured for each script to validate the server's certificate and ensure the server is authentic. If certificate validation is successful, the device refreshes the script.
We do not recommend refreshing scripts from an HTTPS server when the device is unable to authenticate the server because malicious users could compromise the integrity of a script.
Default
If you do not configure the cert-file statement for a script and you attempt to refresh the script from an HTTPS server, the device issues an error that cert-file is mandatory for HTTPS communication.
Options
| path | Absolute path to the certificate (Root CA or self-signed) in Privacy-Enhanced Mail (PEM) format that is used to validate the certificate of the server from which you refresh the script. |
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 21.2R1 and Junos OS Evolved Release 25.2R1.