Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

pki

Syntax

Hierarchy Level

Description

CAUTION:

Enabling tracing can adversely impact scale and performance and may increase security risk. We strongly recommend using the trace, tracing, or traceoptions commands only under the guidance of a JTAC support engineer. After collecting the debug information, immediately disable tracing to minimize risk and restore normal system performance.

Configure an IPsec profile and related options to request digital certificates. The Public Key Infrastructure (PKI) provides an infrastructure for digital certificate management.

You can use ‘trusted-ca’ option to specify ca-profiles that are trusted by the NTS clients. You can specify a trusted ca-group (defined under PKI) or ca-profile by name. This configuration is optional and if it is not specified then, NTP trusts all loaded ca-profiles for NTS. Only client can configure trusted-ca options.

Options

auto-re-enrollment

Configure the automatic reenrollment of a local end-entity (EE) certificate.
ca-profile ca-profile-name

Configure certificate authority (CA) profile.
default-trusted-ca-certs

Configure automatic download of default trusted CA certificates.
traceoptions

Configure public key infrastructure (PKI) tracing options.
trusted-ca-group trusted-ca-group-name

Configure trusted certificate authority group.

ca-profiles

Name of the CA profiles. You can configure maximum of 20 CA profiles.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement modified in Junos OS Release 8.5.

default-trusted-ca-certs option is added in Junos OS Release 23.2R1.

Related Documentation