Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


request security pki node-local local-certificate enroll



Enroll and install a local digital certificate online by using CMPv2 or Simple Certificate Enrollment Protocol (SCEP). This command loads both end-entity (EE) and CA certificates based on the CA server configuration. Certificate revocation list (CRL) or Online Certificate Status Protocol (OCSP) can be used to check the revocation status of a certificate.


ca-profile ca-profile-name

CA profile name.

certificate-id certificate-id-name

Name of the local digital certificate and the public/private key pair.

challenge-password password

Password set by the administrator and normally obtained from the SCEP enrollment webpage of the CA. The password is 16 characters in length


Enroll certificate using CMPv2 protocol.

domain-name domain-name

Fully qualified domain name (FQDN). The FQDN provides the identity of the certificate owner for Internet Key Exchange (IKE) negotiations and provides an alternative to the subject name.

email email-address

E-mail address of the certificate holder.

ip-address ip-address

IP address of the router.

ipv6-address ipv6-address

IPv6 address of the router for the alternate subject.


Enroll certificate using Simple Certificate Enrollment Protocol (SCEP) protocol.


Hash algorithm digest, either MD5 or SHA-1; SHA-1 is the default.


Encryption algorithm, either DES or DES3; DES3 is the default.

subject subject-distinguished-name

Distinguished Name (DN) format that contains the domain component, common name, department, serial number, company name, state, and country in the following format: DC, CN, OU, O, SN, L, ST, C.

  • DC—Domain component

  • CN—Common name

  • OU—Organizational unit name

  • O—Organization name

  • SN—Serial number of the device

    If you define SN in the subject field without the serial number, then the serial number is read directly from the device and added to the certificate signing request (CSR).

  • ST—State

  • C—Country

Required Privilege Level

maintenance and security

Output Fields

When you enter this command, you are provided feedback on the status of your request.

Sample Output


Release Information

Command introduced in Junos OS Release 22.3R1.