show security pki local-certificate
Syntax
Release Information
Command introduced in Junos OS Release 7.5.
Description
Display information about the local digital certificates and the corresponding public keys installed in the router.
Options
none | — | (same as brief) Display information about all local digital certificates and corresponding public keys. |
brief | detail | — | (Optional) Display the specified level of output. |
certificate-id certificate-id-name | — | (Optional) Display information about only the specified the local digital certificate and corresponding public keys. |
system-generated | — | (Optional) Auto-generated self-signed certificate. |
Required Privilege Level
view
List of Sample Output
show security pki local-certificateshow security pki local-certificate detail
Output Fields
Table 1 lists the output fields for the show security pki local-certificate command. Output fields are listed in the approximate order in which they appear.
Table 1: show security pki local-certificate Output Fields
Field Name | Field Description | Level of Output |
|---|---|---|
Certificate identifier | Name of the digital certificate. | All levels |
Certificate version | Revision number of the digital certificate. | detail |
Serial number | Unique serial number of the digital certificate. | detail |
Issued by | Authority that issued the digital certificate. | none brief |
Issued to | Device that was issued the digital certificate. | none brief |
Issuer | Authority that issued the digital certificate, including details of the authority organized using the distinguished name format. Possible subfields are:
| detail |
Subject | Details of the digital certificate holder organized using the distinguished name format. Possible subfields are:
| detail |
Alternate subject | Domain name or IP address of the device related to the digital certificate. | detail |
Validity | Time period when the digital certificate is valid. Values are:
| All levels |
Public key algorithm | Encryption algorithm used with the private key, such as rsaEncryption (1024 bits). | All levels |
Public key verification status | Public key verification status: Failed or Passed. The detail output also provides the verification hash. | All levels |
Signature algorithm | Encryption algorithm that the CA used to sign the digital certificate, such as sha1WithRSAEncryption. | detail |
Fingerprint | Secure Hash Algorithm (SHA1) and Message Digest 5 (MD5) hashes used to identify the digital certificate. | detail |
Distribution CRL | Distinguished name information and URL for the certificate revocation list (CRL) server. | detail |
Use for key | Use of the public key, such as Certificate signing, CRL signing, Digital signature, or Key encipherment. | detail |
Sample Output
show security pki local-certificate
user@host> show security pki local-certificate Certificate identifier: local-entrust2
Issued to: router2.juniper.net, Issued by: juniper
Validity:
Not before: 2005 Nov 21st, 23:28:22 GMT
Not after: 2008 Nov 21st, 23:58:22 GMT
Public key algorithm: rsaEncryption(1024 bits)
Public key verification status: Passed
show security pki local-certificate detail
user@host> show security pki local-certificate
detail Certificate identifier: local-entrust3
Certificate version: 3
Serial number: 4355 94f9
Issuer:
Organization: juniper, Country: us
Subject:
Organization: juniper, Country: us, Common name: router3.juniper.net
Alternate subject: router3.juniper.net
Validity:
Not before: 2005 Nov 21st, 23:33:58 GMT
Not after: 2008 Nov 22nd, 00:03:58 GMT
Public key algorithm: rsaEncryption(1024 bits)
Public key verification status: Passed
fb:79:df:d4:a9:03:0f:d3:69:7e:c1:e4:27:35:9c:d9:b1:a2:47:78
d2:6d:f3:e5:f4:68:4f:b3:04:45:88:57:99:82:39:a6:51:9e:5f:42
23:3f:d7:6e:3d:a5:54:a9:b1:2d:6e:90:dd:12:8a:bf:ef:2b:20:50
ba:f0:da:d9:0c:ad:5e:d6:c6:98:3a:ae:3f:90:dd:94:78:c1:ea:2e
7c:f0:2d:d4:79:d4:cd:f0:52:df:5e:72:f2:e7:ae:66:f7:61:f4:bc
72:57:3e:6c:6d:d3:24:58:8b:f4:ef:da:2a:6a:fa:eb:98:f8:34:84
79:54:da:4f:d3:6f:52:1f
Signature algorithm: sha1WithRSAEncryption
Fingerprint:
61:3a:d0:b4:7a:16:9b:39:ba:81:3f:9d:ab:34:e5:c8:be:3b:a1:6d (sha1)
60:a0:ff:58:05:4a:65:73:9d:74:3a:e1:83:6f:1b:c8 (md5)
Distribution CRL:
C=us, O=juniper, CN=CRL1
http://CA-1/CRL/juniper_us_crlfile.crl
Use for key: Digital signature
