Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


About the Trusted Certificate Authority Page

You are here: Device Administration > Certificate Management > Trusted Certificate Authority.

SSL forward proxy ensures secure transmission of data between a client and a server. Before establishing a secure connection, SSL forward proxy checks certificate authority (CA) certificates to verify signatures on server certificates. For this reason, a reasonable list of trusted CA certificates is required to effectively authenticate servers.

You can perform the following tasks:

  • Generate a default trusted CAs. See Generate Default Trusted Certificate Authorities.

  • Enroll a CA certificate using the Simple Certificate Enrollment Process (SCEP) or Certificate Management Protocol (CMPv2). With SCEP or CMPv2, you can configure Juniper Network device to obtain a local certificate online and start the online enrollment for the specified certificate ID. See Enroll a CA Certificate.

  • Import a CA certificate to manually load CA certificates and CRL. See Import a CA Certificate.

  • Add a CA profile. See Add a Certificate Authority Profile.

  • Edit a CA profile. See Edit a Certificate Authority Profile.

  • Delete a CA profile. See Delete a Certificate Authority Profile.

  • Search for text in a Trusted Certificate Authority table. See Search Text in the Trusted Certificate Authority Table.

  • Filter the trusted CA information based on select criteria. To do this, select the filter icon at the upper-right corner of the table. The columns in the grid change to accept filter options. Type the filter options; the table displays only the data that fits the filtering criteria.

  • Show or hide columns in the trusted CA table. To do this, use the Show Hide Columns icon in the upper-right corner of the page and select the options you want to show or deselect to hide options on the page.

Table 1 provides the details of the fields of the Trusted Certificate Authority Page.

Table 1: Fields on Trusted Certificate Authority Page



CA Profile

Displays the name of the CA profile.

Certificate ID

Displays the CA certificate ID.

Issuer Org

Displays the issuer organizational name.


Displays the status of the CA certificate.

For example:

  • Valid.

  • Expires in number of day(s).

  • Expired.

  • Download Required. This status is for a CA profile with manual enrollment.

  • Enrollment Required. This status is for a CA profile with automatic enrollment.

Expiration Date

Displays CA certificate expiration date.

Encryption Type

Displays whether the algorithm of the certificate is RSA, DSA, or ECDSA encryption.