Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Platform and Infrastructure

  • PKI usability enhancements (MX240, MX480, MX960, SRX Series, and vSRX)—Starting in Junos OS Release 21.4R1, we’ve enhanced PKI commands to provide additional details about the local and certificate authority (CA)-issued certificates. With these enhancements, you can:

    • View the CA certificate status of a CA profile group using the request security pki ca-profile-group-status ca-group-name group-name command. See request security pki ca-profile-group-status.
    • Configure certificate automatic reenrollment trigger time in days, hours, or percentage using the set security pki auto-re-enrollment cmpv2 certificate-id certificate-id-name re-enroll-time (days value| hours value| percentage value) or set security pki auto-re-enrollment scep certificate-id certificate-id-name re-enroll-time (days value| hours value| percentage value) command. See auto-re-enrollment.
    • View the CA chain, SHA256 fingerprint, and certificate serial number (hexadecimal and decimal format) for a local certificate using the show security pki local certificate <cert_id> detail command. See show security pki local-certificate (View).
    • View the CA profile associated with a CA certificate and SHA256 fingerprint using the show security pki ca-certificate <brief|detail> command. See show security pki ca-certificate (View).
    • View additional verification information about local and CA certificate using the request security pki local-certificate verify and the request security pki ca-certificate verify command, respectively. See request security pki ca-certificate verify (Security) and request security pki local-certificate verify (Security).
    • View more PKI-related statistics using the show security pki statistics command. Clear the PKI statistics using the clear security pki statistics command. See show security pki statistics and clear security pki statistics.