request security pki node-local local-certificate enroll
Syntax
request security pki node-local local-certificate enroll ca-dn subject-dn ca-profile ca-profile name ca-reference reference ca-secret shared-secret certificate-id certificate-id-name challenge-password password cmpv2 digist domain-name domain-name email email-address ip-address ip-address ipv6-address ipv6-address scep scep-digest-algorithm scep-encryption-algorithm subject subject-distinguished-name
Description
Enroll and install a local digital certificate online by using CMPv2 or Simple Certificate Enrollment Protocol (SCEP). This command loads both end-entity (EE) and CA certificates based on the CA server configuration. Certificate revocation list (CRL) or Online Certificate Status Protocol (OCSP) can be used to check the revocation status of a certificate.
Options
ca-profile ca-profile-name | CA profile name. |
certificate-id certificate-id-name | Name of the local digital certificate and the public/private key pair. |
challenge-password password | Password set by the administrator and normally obtained from the SCEP enrollment webpage of the CA. The password is 16 characters in length. |
cmpv2 | Enroll the certificate using the CMPv2 protocol. |
domain-name domain-name | Fully qualified domain name (FQDN). The FQDN provides the identity of the certificate owner for Internet Key Exchange (IKE) negotiations and provides an alternative to the subject name. |
email email-address | E-mail address of the certificate holder. |
ip-address ip-address | IP address of the router. |
ipv6-address ipv6-address | IPv6 address of the router for the alternate subject. |
scep | Enroll the certificate using Simple Certificate Enrollment Protocol (SCEP). |
scep-digest-algorithm | Hash algorithm digest, either MD5 or SHA-1; SHA-1 is the default. |
scep-encryption-algorithm | Encryption algorithm, either DES or DES3; DES3 is the default. |
subject subject-distinguished-name | Distinguished Name (DN) format that contains the domain component, common name, department, serial number, company name, state, and country in the following format: DC, CN, OU, O, SN, L, ST, C. |
Required Privilege Level
maintenance and security
Output Fields
When you enter this command, you are provided feedback on the status of your request.
Sample Output
user@host> request security pki node-local local-certificate enroll cmpv2 ca-profile root-552 ca-dn DC=example,CN=root-552 certificate-id tc552 email tc552-root@example.net domain-name example.net ip-address 10.192.0.22 ca-secret example ca-reference 51892 subject CN=example,OU=SBU,O=552-22
Certificate enrollment has started. To view the status of your enrollment, check the public key infrastructure log (pkid) log file at /var/log/pkid.
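An added example, not part of the Junos documentation: a Python helper for scripted enrollment that checks the subject and CA DNs against the attribute types listed under Options and assembles the CMPv2 form of the command in the word order of the sample above. The function names, the rule that every value must be a single CLI word, and the masking of the ca-secret value for logs are assumptions of this example.

```python
import ipaddress

# Subject DN attribute types listed under Options on this page.
DN_ATTRS = {"DC", "CN", "OU", "O", "SN", "L", "ST", "C"}

def check_dn(dn):
    """Validate a DN such as 'CN=example,OU=SBU,O=552-22'; return it unchanged."""
    for rdn in dn.split(","):
        attr, sep, value = rdn.partition("=")
        if not sep or attr not in DN_ATTRS or not value:
            raise ValueError(f"bad DN component: {rdn!r}")
    return dn

def word(value):
    """Assumption of this example: a value is one CLI word (no whitespace or control characters)."""
    value = str(value)
    if not value or any(c.isspace() or not c.isprintable() for c in value):
        raise ValueError(f"not a single CLI word: {value!r}")
    return value

def build_cmpv2_enroll(ca_profile, ca_dn, certificate_id, subject, ca_secret,
                       ca_reference, email=None, domain_name=None, address=None):
    """Return the enroll command as a list of words, ordered like the page's sample."""
    cmd = ["request", "security", "pki", "node-local", "local-certificate",
           "enroll", "cmpv2",
           "ca-profile", word(ca_profile), "ca-dn", check_dn(word(ca_dn)),
           "certificate-id", word(certificate_id)]
    if email:
        cmd += ["email", word(email)]
    if domain_name:
        cmd += ["domain-name", word(domain_name)]
    if address:
        ip = ipaddress.ip_address(address)  # ValueError on a malformed address
        cmd += ["ip-address" if ip.version == 4 else "ipv6-address", str(ip)]
    cmd += ["ca-secret", word(ca_secret), "ca-reference", word(ca_reference),
            "subject", check_dn(word(subject))]
    return cmd

def redacted(cmd):
    """Command as one string with the ca-secret value masked, for logs and tickets."""
    out = list(cmd)
    for i in range(7, len(out) - 1, 2):  # after the 7-word prefix: keyword/value pairs
        if out[i] == "ca-secret":
            out[i + 1] = "********"
    return " ".join(out)
```

Send `" ".join(cmd)` to the device and write only `redacted(cmd)` to automation logs, since the full command carries the CMPv2 shared secret in clear text.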
Release Information
Command introduced in Junos OS Release 22.3R1.