Platform and Infrastructure
-
PKI usability enhancements (MX240, MX480, MX960, SRX Series, and vSRX)—Starting in Junos OS Release 21.4R1, we’ve enhanced PKI commands to provide additional details about the local and certificate authority (CA)-issued certificates. With these enhancements, you can:
- View the CA certificate status of a CA profile group using the
request security pki ca-profile-group-status ca-group-name group-name
command. See request security pki ca-profile-group-status. - Configure certificate automatic reenrollment trigger time in days, hours, or
percentage using the
set security pki auto-re-enrollment cmpv2 certificate-id certificate-id-name re-enroll-time (days value| hours value| percentage value)
orset security pki auto-re-enrollment scep certificate-id certificate-id-name re-enroll-time (days value| hours value| percentage value)
command. See auto-re-enrollment. - View the CA chain, SHA256 fingerprint, and certificate serial number (hexadecimal and
decimal format) for a local certificate using the
show security pki local certificate <cert_id> detail
command. See show security pki local-certificate (View). - View the CA profile associated with a CA certificate and SHA256 fingerprint using the
show security pki ca-certificate <brief|detail>
command. See show security pki ca-certificate (View). - View additional verification information about local and CA certificate using the
request security pki local-certificate verify
and therequest security pki ca-certificate verify
command, respectively. See request security pki ca-certificate verify (Security) and request security pki local-certificate verify (Security). - View more PKI-related statistics using the
show security pki statistics
command. Clear the PKI statistics using theclear security pki statistics
command. See show security pki statistics and clear security pki statistics.
- View the CA certificate status of a CA profile group using the