
auto-re-enrollment (Security)

Syntax

Hierarchy Level

Description

Configure the automatic reenrollment of a local end-entity (EE) certificate. Auto-reenrollment requests that the issuing CA replace a device certificate before its specified expiration date.

Options

certificate-id

Configure automatic reenrollment for the specified certificate ID.

name

Identifier of the certificate to be automatically reenrolled.

ca-profile-name

Specify the name of the certificate authority (CA) profile to be used for automatic reenrollment. The CA certificate must be present to initiate reenrollment.

challenge-password

Specify the password used by the certificate authority (CA) for enrollment and revocation. If the CA does not provide the challenge password, choose your own password.

re-enroll-trigger-time-percentage

Specify the reenrollment trigger as the percentage of the end-entity (EE) certificate’s lifetime that remains when certificate reenrollment is initiated. For example, to send the renewal request when 10 percent of the certificate's lifetime remains, configure 10 as the re-enroll-trigger-time-percentage value. The time at which certificate reenrollment is initiated is calculated from the certificate expiry date.

  • Range: 1 through 99
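The following Python sketch is an added example, not Juniper code. It shows how a configured percentage translates into a trigger time and into the window left to complete reenrollment before expiry. It assumes the lifetime is the span from notBefore to notAfter and that the trigger is counted back from notAfter; the function names, the sample validity dates and the 7-day minimum window are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def reenroll_trigger_time(not_before, not_after, percentage):
    """Return the time at which reenrollment would start for a validity window."""
    if isinstance(percentage, bool) or not isinstance(percentage, int) \
            or not 1 <= percentage <= 99:
        raise ValueError("re-enroll-trigger-time-percentage must be 1 through 99")
    if not_after <= not_before:
        raise ValueError("notAfter must be later than notBefore")
    lifetime = not_after - not_before
    # Assumption: the remaining-lifetime percentage is counted back from expiry.
    return not_after - lifetime * percentage / 100

def reenroll_status(not_before, not_after, percentage, now,
                    min_window=timedelta(days=7)):
    """Classify a certificate at time `now` and flag a short renewal window.

    min_window is a hypothetical operational threshold, not a Junos setting.
    """
    trigger = reenroll_trigger_time(not_before, not_after, percentage)
    window = not_after - trigger  # time available to finish reenrollment
    if now >= not_after:
        state = "expired"
    elif now >= trigger:
        state = "reenrollment-due"
    else:
        state = "valid"
    return {"trigger": trigger, "window": window, "state": state,
            "window_too_short": window < min_window}

if __name__ == "__main__":
    utc = timezone.utc
    now = datetime(2025, 12, 1, tzinfo=utc)
    # Constructed samples: (label, notBefore, notAfter, configured percentage)
    samples = [
        ("one-year cert, 10%", datetime(2025, 1, 1, tzinfo=utc),
         datetime(2026, 1, 1, tzinfo=utc), 10),
        ("90-day cert, 1%", datetime(2025, 10, 1, tzinfo=utc),
         datetime(2025, 12, 30, tzinfo=utc), 1),
    ]
    for label, nb, na, pct in samples:
        s = reenroll_status(nb, na, pct, now)
        print(f"{label}: trigger={s['trigger'].isoformat()} "
              f"window={s['window']} state={s['state']} "
              f"too_short={s['window_too_short']}")
```

A small percentage on a short-lived certificate leaves very little time to recover from a failed enrollment attempt, which is what the `window_too_short` flag highlights.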

re-generate-keypair

Generate a new key pair for automatic certificate reenrollment. If this statement is not configured, the current key pair is used. If the key pair does not change, the CA does not issue new certificates. We recommend generating a new key pair during reenrollment because it provides better security.

scep-digest-algorithm

Specify the digest algorithm used for SCEP.

  • Values:

    • md5—Use MD5 as SCEP digest algorithm

    • sha1—Use SHA1 as SCEP digest algorithm

scep-encryption-algorithm

Specify the encryption algorithm used for SCEP.

  • Values:

    • des—Use DES as SCEP encryption algorithm

    • des3—Use DES3 as SCEP encryption algorithm

cmpv2

Configure automatic reenrollment of a local certificate using CMPv2.

scep

Configure automatic reenrollment of a local certificate using Simple Certificate Enrollment Protocol (SCEP).

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement modified in Junos OS Release 9.0. cmpv2 and scep options added in Junos OS Release 15.1X49-D40.