request security pki local-certificate verify (Security)
Syntax
request security pki local-certificate verify certificate-id certificate-id-name
Description
Verify the validity of the local digital certificate identifier.
Options
certificate-id
certificate-id-name — Name of the local digital certificate identifier.
Required Privilege Level
maintenance and security
Output Fields
When you enter this command, you are provided feedback on the status of your request.
Sample Output
- request security pki local-certificate verify certificate-id bme1 (not downloaded)
- request security pki local-certificate verify certificate bme1 (downloaded)
- request security pki local-certificate verify certificate-id pc_hub (Verify certificate revoke status on MX240, MX480, MX960, SRX Series Firewalls and vSRX Virtual Firewall)
- request security pki local-certificate verify certificate-id hub_cert1 (Verify local certificate status when an intermediate CA is deleted for SRX Series Firewalls and vSRX Virtual Firewall)
- request security pki local-certificate verify certificate-id pc1 (Verify enrolled local certificate present in MX240, MX480, MX960, SRX Series Firewalls and vSRX Virtual Firewall)
- request security pki local-certificate verify certificate-id localcert-root (Verify local certificate status when the CA is unreachable for MX240, MX480, MX960, SRX Series Firewalls and vSRX Virtual Firewall)
request security pki local-certificate verify certificate-id bme1 (not downloaded)
You receive the following response before the certificate revocation list (CRL) is downloaded:
user@host> request security pki local-certificate verify certificate-id bme1 Local certificate bme1: CRL verification in progress. Please check the PKId debug logs for completion status
request security pki local-certificate verify certificate bme1 (downloaded)
You receive the following response after the certificate revocation list (CRL) is downloaded:
user@host> request security pki local-certificate verify certificate-id bme1 Local certificate bme1 verification success
request security pki local-certificate verify certificate-id pc_hub (Verify certificate revoke status on MX240, MX480, MX960, SRX Series Firewalls and vSRX Virtual Firewall)
You receive the following response after the local certificate is revoked:
user@host> request security pki local-certificate verify certificate-id pc_hub Local cert pc_hub verification failed. local cert is revoked
request security pki local-certificate verify certificate-id hub_cert1 (Verify local certificate status when an intermediate CA is deleted for SRX Series Firewalls and vSRX Virtual Firewall)
You receive the following response when an intermediate CA certificate is deleted:
user@host> request security pki local-certificate verify certificate-id hub_cert1 Local cert hub_cert1 verification failed. Cannot build cert chain.
request security pki local-certificate verify certificate-id pc1 (Verify enrolled local certificate present in MX240, MX480, MX960, SRX Series Firewalls and vSRX Virtual Firewall)
You receive the following response when the local certificate is missing:
user@host> request security pki local-certificate verify certificate-id pc1 Local cert pc1 verification failed. local cert is missing
request security pki local-certificate verify certificate-id localcert-root (Verify local certificate status when the CA is unreachable for MX240, MX480, MX960, SRX Series Firewalls and vSRX Virtual Firewall)
You receive the following response when a CA is not reachable or CRL download has failed.
user@host> request security pki local-certificate verify certificate-id localcert-root Local Cert localcert-root Verification Failed. Unreachable CA or CRL Download Failed
Release Information
Command introduced in Junos OS Release 8.5.