show security pki ca-certificate
Syntax
show security pki ca-certificate <brief | detail> <ca-profile ca-profile-name>
Description
Display information about certificate authority (CA) digital certificates installed in the router.
Options
| none |
(Same as brief) Display information about all CA digital certificates. |
| brief | detail |
(Optional) Display the specified level of output. |
| ca-profile ca-profile-name |
(Optional) Display information about only the specified CA profile. |
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show security pki ca-certificate command. Output fields are listed in the approximate order in which they appear.
|
Field Name |
Field Description |
Level of Output |
|---|---|---|
|
Certificate identifier |
Name of the digital certificate. |
All levels |
|
Certificate version |
Revision number of the digital certificate. |
detail |
|
Serial number |
Unique serial number of the digital certificate. |
detail |
|
Issued by |
Authority that issued the digital certificate. |
none brief |
|
Issued to |
Device that was issued the digital certificate. |
none brief |
|
Issuer |
Authority that issued the digital certificate, including details of the authority organized using the distinguished name format. Possible subfields are:
|
detail |
|
Subject |
Details of the digital certificate holder organized using the distinguished name format. Possible subfields are:
|
detail |
|
Validity |
Time period when the digital certificate is valid. Values are:
|
All levels |
|
Public key algorithm |
Encryption algorithm used with the private key, such as rsaEncryption(1024 bits). |
All levels |
|
Signature algorithm |
Encryption algorithm that the CA used to sign the digital certificate, such as sha1WithRSAEncryption. |
detail |
|
Fingerprint |
Secure Hash Algorithm (SHA1) and Message Digest 5 (MD5) hashes used to identify the digital certificate. |
detail |
|
Distribution CRL |
Distinguished name information and the URL for the certificate revocation list (CRL) server. |
detail |
|
Use for key |
Use of the public key, such as Certificate signing, CRL signing, Digital signature, or Key encipherment. |
detail |
Sample Output
show security pki ca-certificate
user@host> show security pki ca-certificate
Certificate identifier: abc
Issued to: example, Issued by: exmple
Validity:
Not before: 2005 Oct 18th, 23:54:22 GMT
Not after: 2025 Oct 19th, 00:24:22 GMT
Public key algorithm: rsaEncryption(1024 bits)
Certificate identifier: entrust
Issued to: First Officer, Issued by: example
Validity:
Not before: 2005 Oct 18th, 23:55:59 GMT
Not after: 2008 Oct 19th, 00:25:59 GMT
Public key algorithm: rsaEncryption(1024 bits)
Certificate identifier:abe
Issued to: First Officer, Issued by: example
Validity:
Not before: 2005 Oct 18th, 23:55:59 GMT
Not after: 2008 Oct 19th, 00:25:59 GMT
Public key algorithm: rsaEncryption(1024 bits)
show security pki ca-certificate detail
user@host> show security pki ca-certificate detail
Certificate identifier: entrust
Certificate version: 3
Serial number: 4355 9235
Issuer:
Organization: example, Country: us
Subject:
Organization: example, Country: us
Validity:
Not before: 2005 Oct 18th, 23:54:22 GMT
Not after: 2025 Oct 19th, 00:24:22 GMT
Public key algorithm: rsaEncryption(1024 bits)
cb:9e:2d:c0:70:f8:ea:3c:f2:b5:f0:02:48:87:dc:68:99:a3:57:4f
0e:b9:98:0b:95:47:0d:1f:97:7c:53:17:dd:1a:f8:da:e5:08:d1:1c
78:68:1f:2f:72:9f:a2:cf:81:e3:ce:c5:56:89:ce:f0:97:93:fa:36
19:3e:18:7d:8c:9d:21:fe:1f:c3:87:8d:b3:5d:f3:03:66:9d:16:a7
bf:18:3f:f0:7a:80:f0:62:50:43:83:4f:0e:d7:c6:42:48:c0:8a:b2
c7:46:30:38:df:9b:dc:bc:b5:08:7a:f3:cd:64:db:2b:71:67:fe:d8
04:47:08:07:de:17:23:13
Signature algorithm: sha1WithRSAEncryption
Fingerprint:
00:8e:6f:58:dd:68:bf:25:0a:e3:f9:17:70:d6:61:f3:53:a7:79:10 (sha1)
71:6f:6a:76:17:9b:d6:2a:e7:5a:72:97:82:6d:26:86 (md5)
Distribution CRL:
C=us, O=example, CN=CRL1
http://CA-1/CRL/example_us_crlfile.crl
Use for key: CRL signing, Certificate signing
Certificate identifier: entrust
Certificate version: 3
Serial number: 4355 925c
Issuer:
Organization: example, Country: us
Subject:
Organization: example, Country: us, Common name: First Officer
Validity:
Not before: 2005 Oct 18th, 23:55:59 GMT
Not after: 2008 Oct 19th, 00:25:59 GMT
Public key algorithm: rsaEncryption(1024 bits)
c0:a4:21:32:95:0a:cd:ec:12:03:d1:a2:89:71:8e:ce:4e:a6:f9:2f
1a:9a:13:8c:f6:a0:3d:c9:bd:9d:c2:a0:41:77:99:1b:1e:ed:5b:80
34:46:f8:5b:28:34:38:2e:91:7d:4e:ad:14:86:78:67:e7:02:1d:2e
19:11:b7:fa:0d:ba:64:20:e1:28:4e:3e:bb:6e:64:dc:cd:b1:b4:7a
ca:8f:47:dd:40:69:c2:35:95:ce:b8:85:56:d7:0f:2d:04:4d:5d:d8
42:e1:4f:6b:bf:38:c0:45:1e:9e:f0:b4:7f:74:6f:e9:70:fd:4a:78
da:eb:10:27:bd:46:34:33
Signature algorithm: sha1WithRSAEncryption
Fingerprint:
bc:78:87:9b:a7:91:13:20:71:db:ac:b5:56:71:42:ad:1a:b6:46:17 (sha1)
23:79:40:c9:6d:a6:f0:ca:e0:13:30:d4:29:6f:86:79 (md5)
Distribution CRL:
C=us, O=example, CN=CRL1
http://CA-1/CRL/example_us_crlfile.crl
Use for key: Key encipherment
Certificate identifier: entrust
Certificate version: 3
Serial number: 4355 925b
Issuer:
Organization: example, Country: us
Subject:
Organization: example, Country: us, Common name: First Officer
Validity:
Not before: 2005 Oct 18th, 23:55:59 GMT
Not after: 2008 Oct 19th, 00:25:59 GMT
Public key algorithm: rsaEncryption(1024 bits)
ea:75:c4:f3:58:08:ea:65:5c:7e:b3:de:63:0a:cf:cf:ec:9a:82:e2
d7:e8:b9:2f:bd:4b:cd:86:2f:f1:dd:d8:a2:95:af:ab:51:a5:49:4e
00:10:c6:25:ff:b5:49:6a:99:64:74:69:e5:8c:23:5b:b4:70:62:8e
e4:f9:a2:28:d4:54:e2:0b:1f:50:a2:92:cf:6c:8f:ae:10:d4:69:3c
90:e2:1f:04:ea:ac:05:9b:3a:93:74:d0:59:24:e9:d2:9d:c2:ef:22
b9:32:c7:2c:29:4f:91:cb:5a:26:fe:1d:c0:36:dc:f4:9c:8b:f5:26
af:44:bf:53:aa:d4:5f:67
Signature algorithm: sha1WithRSAEncryption
Fingerprint:
46:71:15:34:f0:a6:41:76:65:81:33:4f:68:47:c4:df:78:b8:e3:3f (sha1)
ee:cc:c7:f4:5d:ac:65:33:0a:55:db:59:72:2c:dd:16 (md5)
Distribution CRL:
C=us, O=example, CN=CRL1
http://CA-1/CRL/example_us_crlfile.crl
Use for key: Digital signature
Release Information
Command introduced in Junos OS Release 7.5.