Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

request security pki local-certificate enroll cmpv2

Syntax

Description

Enroll and install a local digital certificate online by using CMPv2. This command loads both end-entity (EE) and CA certificates based on the CA server configuration. Certificate revocation list (CRL) or Online Certificate Status Protocol (OCSP) can be used to check the revocation status of a certificate.

Options

ca-dn subject-dn

The distinguished name (DN) of the CA enrolling the EE certificate must be specified during enrollment. This optional parameter is mandatory if the CA certificate is not already enrolled. If the CA certificate is already enrolled, the subject DN is extracted from the CA certificate.

ca-profile ca-profile-name

CA profile name.

ca-reference reference

Out-of-band reference value received from the CA server.

ca-secret shared-secret

Out-of-band secret value received from the CA server.

certificate-id certificate-id-name

Name of the local digital certificate and the public/private key pair.

domain-name domain-name

Fully qualified domain name (FQDN). The FQDN provides the identity of the certificate owner for Internet Key Exchange (IKE) negotiations and provides an alternative to the subject name.

email email-address

E-mail address of the certificate holder.

ip-address ip-address

IP address of the router.

ipv6-address ipv6-address

IPv6 address of the router for the alternate subject.

subject subject-distinguished-name

Distinguished Name (DN) format that contains the domain component, common name, department, serial number, company name, state, and country in the following format: DC, CN, OU, O, SN, L, ST, C.

  • DC—Domain component

  • CN—Common name

  • OU—Organizational unit name

  • O—Organization name

  • SN—Serial number of the device

    If you define SN in the subject field without the serial number, then the serial number is read directly from the device and added to the certificate signing request (CSR).

  • ST—State

  • C—Country

Required Privilege Level

maintenance and security

Output Fields

When you enter this command, you are provided feedback on the status of your request.

Sample Output

command-name

Release Information

Command introduced in Junos OS Release 15.1X49-D40.