request security certificate (signed)
Syntax
Release Information
Command introduced before Junos OS Release 7.4.
Command introduced in Junos OS Release 9.0 for EX Series switches.
Description
(Encryption interface on M Series and T Series routers and EX Series switches only) Obtain a signed certificate from a certificate authority (CA). The signed certificate validates the CA and the owner of the certificate. The results are saved in a specified file to the /var/etc/ikecert directory.
Options
filename filename | — | File that stores the certificate. |
subject subject | — | Distinguished name (dn), which consists of a set of components—for example, an organization (o), an organization unit (ou), a country (c), and a locality (l). |
alternative-subject alternative-subject | — | Tunnel source address. |
certification-authority certification-authority | — | Name of the certificate authority profile in the configuration. |
encoding (binary | pem) | — | File format used for the certificate. The format can be a binary file or privacy-enhanced mail (PEM), an ASCII base64-encoded format. The default format is binary. |
key-file key-file | — | File containing a local private key. |
domain-name domain-name | — | Fully qualified domain name. |
Required Privilege Level
maintenance
List of Sample Output
request security certificate (signed)Output Fields
When you enter this command, you are provided feedback on the status of your request.
Sample Output
request security certificate (signed)
user@host> request security certificate enroll
filename host.crt subject c=uk,o=london alternative-subject 10.50.1.4
certification-authority verisign key-file host-1.prv domain-name host.juniper.net
CA name: juniper.net CA file: ca_verisign local pub/private key pair: host.prv subject: c=uk,o=london domain name: host.juniper.net alternative subject: 10.50.1.4 Encoding: binary Certificate enrollment has started. To view the status of your enrollment, check the key management process (kmd) log file at /var/log/kmd. <--------------
