Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

show security pki local-certificate (View)

Syntax

Description

Display information about the local digital certificates, corresponding public keys, and the automatically generated self-signed certificate configured on the device.

Options

  • none—Display basic information about all configured local digital certificates, corresponding public keys, and the automatically generated self-signed certificate.

  • brief | detail—(Optional) Display the specified level of output.

  • certificate-id certificate-id-name —(Optional) Display information about only the specified local digital certificates and corresponding public keys.

  • system-generated—Display information about the automatically generated self-signed certificate.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show security pki local-certificate command. Output fields are listed in the approximate order in which they appear.

Table 1: show security pki local-certificate Output Fields

Field Name

Field Description

Certificate identifier

Name of the digital certificate.

Certificate version

Revision number of the digital certificate.

Serial number

Unique serial number of the digital certificate. Starting in Junos OS Release 20.1R1, PKI local certificate serial number is displayed with 0x as prefix to indicate that the PKI local certificate is in the hexadecimal format.

Issued to

Device that was issued the digital certificate.

Issued by

Authority that issued the digital certificate.

Issuer

Authority that issued the digital certificate, including details of the authority organized using the distinguished name format. Possible subfields are:

  • Organization—Organization of origin.

  • Organizational unit—Department within an organization.

  • Country—Country of origin.

  • Locality—Locality of origin.

  • Common name—Name of the authority.

LSYS

Name of the logical systems.

Subject

Details of the digital certificate holder organized using the distinguished name format. Possible subfields are:

  • Organization—Organization of origin.

  • Organizational unit—Department within an organization.

  • Country—Country of origin.

  • Locality—Locality of origin.

  • Common name—Name of the authority.

  • Serial number—Serial number of the device.

If the certificate contains multiple subfield entries, all entries are displayed.

Subject string

Subject field as it appears in the certificate.

Alternate subject

Domain name or IP address of the device related to the digital certificate.

Validity

Time period when the digital certificate is valid. Values are:

  • Not before—Start time when the digital certificate becomes valid.

  • Not after—End time when the digital certificate becomes invalid.

Public key algorithm

Encryption algorithm used with the private key, such as rsaEncryption(1024 bits).

Public key verification status

Public key verification status: Failed or Passed. The detail output also provides the verification hash.

Signature algorithm

Encryption algorithm that the CA used to sign the digital certificate, such as sha1WithRSAEncryption.

Fingerprint

Secure Hash Algorithm (SHA1) and Message Digest 5 (MD5) hashes used to identify the digital certificate.

Distribution CRL

Distinguished name information and URL for the certificate revocation list (CRL) server.

Use for key

Use of the public key, such as Certificate signing, CRL signing, Digital signature, or Data encipherment.

Sample Output

show security pki local-certificate certificate-id hello

Sample Output

show security pki local-certificate certificate-id hello detail

Sample Output

show security pki local-certificate system-generated

Sample Output

show security pki local-certificate system-generated detail

Sample Output

show security pki local-certificate certificate-id mycert - (local certificate enrolled online using SCEP)

Sample Output

show security pki local-certificate certificate-id mycert detail - (local certificate enrolled online using SCEP)

Sample Output

show security pki local-certificate detail

command-name

Release Information

Command modified in Junos OS Release 9.1. Subject string output field added in Junos OS Release 12.1X44-D10.