Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?




Hierarchy Level


Configure an IPsec profile and related options to request digital certificates. The Public Key Infrastructure (PKI) provides an infrastructure for digital certificate management.

You can use ‘trusted-ca’ option to specify ca-profiles that are trusted by the NTS clients. You can specify a trusted ca-group (defined under PKI) or ca-profile by name. This configuration is optional and if it is not specified then, NTP trusts all loaded ca-profiles for NTS. Only client can configure trusted-ca options.



Configure the automatic reenrollment of a local end-entity (EE) certificate.

ca-profile ca-profile-name

Configure certificate authority (CA) profile.


Configure automatic download of default trusted CA certificates.


Configure public key infrastructure (PKI) tracing options.

trusted-ca-group trusted-ca-group-name

Configure trusted certificate authority group.


Name of the CA profiles. You can configure maximum of 20 CA profiles.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement modified in Junos OS Release 8.5.

default-trusted-ca-certs option is added in Junos OS Release 23.2R1.