show security pki local-certificate
Syntax
show security pki local-certificate <brief | detail> <certificate-id certificate-id-name> <system-generated>
Description
Display information about the local digital certificates and the corresponding public keys installed in the switch.
Options
| none | (Same as brief) Display information about all local digital certificates and corresponding public keys. |
| brief | detail | (Optional) Display information about local digital certificates and corresponding public keys for the specified level of output. |
| certificate-id certificate-id-name | (Optional) Display information about only the specified the local digital certificate and corresponding public keys. |
| system-generated | (Optional) Display information about the automatically generated self-signed certificate. |
Required Privilege Level
view
Output Fields
Table 1 lists the
output fields for the show security pki local-certificate command. Output fields are listed in the approximate order in which
they appear.
Field Name |
Field Description |
Level of Output |
|---|---|---|
Certificate identifier |
Name of the digital certificate. |
All levels |
Certificate version |
Revision number of the digital certificate. |
detail |
Serial number |
Unique serial number of the digital certificate. |
detail |
Issued by |
Authority that issued the digital certificate. |
none brief |
Issued to |
Device that was issued the digital certificate. |
none brief |
Issuer |
Authority that issued the digital certificate, including details of the authority organized using the distinguished name format. Possible subfields are:
|
detail |
Subject |
Details of the digital certificate holder organized using the distinguished name format. Possible subfields are:
|
detail |
Alternate subject |
Domain name or IP address of the device related to the digital certificate. |
detail |
Validity |
Time period when the digital certificate is valid. Values are:
|
All levels |
Public key algorithm |
Encryption algorithm used with the private key, such as rsaEncryption (1024 bits). |
All levels |
Public key verification status |
Public key verification status: Failed or Passed. The detail output also provides the verification hash. |
All levels |
Signature algorithm |
Encryption algorithm that the CA used to sign the digital certificate, such as sha1WithRSAEncryption. |
detail |
Fingerprint |
Secure Hash Algorithm (SHA1) and Message Digest 5 (MD5) hashes used to identify the digital certificate. |
detail |
Distribution CRL |
Distinguished name information and URL for the certificate revocation list (CRL) server. |
detail |
Use for key |
Use of the public key, such as Certificate signing, CRL signing, Digital signature, or Key encipherment. |
detail |
Sample Output
show security pki local-certificate
user@switch> show security pki local-certificate
Certificate identifier: local-entrust2
Issued to: router2.juniper.net, Issued by: juniper
Validity:
Not before: 2005 Nov 21st, 23:28:22 GMT
Not after: 2008 Nov 21st, 23:58:22 GMT
Public key algorithm: rsaEncryption(1024 bits)
Public key verification status: Passed
show security pki local-certificate detail
user@switch> show security pki local-certificate detail
Certificate identifier: local-entrust3
Certificate version: 3
Serial number: 4355 94f9
Issuer:
Organization: juniper, Country: us
Subject:
Organization: juniper, Country: us, Common name: switch1.juniper.net
Alternate subject: switch1.juniper.net
Validity:
Not before: 2005 Nov 21st, 23:33:58 GMT
Not after: 2008 Nov 22nd, 00:03:58 GMT
Public key algorithm: rsaEncryption(1024 bits)
Public key verification status: Passed
fb:79:df:d4:a9:03:0f:d3:69:7e:c1:e4:27:35:9c:d9:b1:a2:47:78
d2:6d:f3:e5:f4:68:4f:b3:04:45:88:57:99:82:39:a6:51:9e:5f:42
23:3f:d7:6e:3d:a5:54:a9:b1:2d:6e:90:dd:12:8a:bf:ef:2b:20:50
ba:f0:da:d9:0c:ad:5e:d6:c6:98:3a:ae:3f:90:dd:94:78:c1:ea:2e
7c:f0:2d:d4:79:d4:cd:f0:52:df:5e:72:f2:e7:ae:66:f7:61:f4:bc
72:57:3e:6c:6d:d3:24:58:8b:f4:ef:da:2a:6a:fa:eb:98:f8:34:84
79:54:da:4f:d3:6f:52:1f
Signature algorithm: sha1WithRSAEncryption
Fingerprint:
61:3a:d0:b4:7a:16:9b:39:ba:81:3f:9d:ab:34:e5:c8:be:3b:a1:6d (sha1)
60:a0:ff:58:05:4a:65:73:9d:74:3a:e1:83:6f:1b:c8 (md5)
Distribution CRL:
C=us, O=juniper, CN=CRL1
http://CA-1/CRL/juniper_us_crlfile.crl
Use for key: Digital signature
Release Information
Command introduced in Junos OS Release 11.1.