Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Troubleshooting Juniper Advanced Threat Prevention Cloud: Checking Certificates

Use the show security pki local-certificate CLI command to check your local certificates. Ensure that you are within the certificate’s valid dates. The ssl-inspect-ca certificate is used for SSL proxy. Show below are some examples. Your output may look different as these are dependent on your setup and location.

Use the show security pki ca-certificate command to check your CA certificates. The argon-ca certificate is the client certificate’s CA while the argon-secintel-ca is the server certificate’s CA. Ensure that you are within the certificate’s valid dates.

When you enroll an SRX Series device, the ops script installs two CA certificates: one for the client and one for the server. Client-side CA certificates are associated with serial numbers. Use the show security pki local-certificate detail CLI command to get your device’s certificate details and serial number.

Then use the show security pki crl detail CLI command to make sure your serial number is not in the Certificate Revocation List (CRL). If your serial number is listed in the CRL then that SRX Series device cannot connect to the cloud server.