request security pki local-certificate enroll
Syntax
Release Information
Command introduced in Junos OS Release 7.5.
Description
Request that a certificate authority (CA) enroll and install a local digital certificate online by using the Simple Certificate Enrollment Protocol (SCEP).
Options
ca-profile ca-profile-name | — | CA profile name. |
certificate-id certificate-id-name | — | Name of the local digital certificate and the public/private key pair. |
challenge-password password | — | Password set by the administrator and normally obtained from the SCEP enrollment webpage of the CA. The password is 16 characters in length. |
domain-name domain-name | — | Fully qualified domain name (FQDN). The FQDN provides the identity of the certificate owner for Internet Key Exchange (IKE) negotiations and provides an alternative to the subject name. |
subject subject-distinguished-name | — | Distinguished name format that contains the common name, department, company name, state, and country:
|
email email-address | — | (Optional) E-mail address of the certificate holder. |
ip-address ip-address | — | (Optional) IP address of the router. |
Required Privilege Level
maintenance
List of Sample Output
Output Fields
When you enter this command, you are provided feedback on the status of your request.
Sample Output
user@host> request security pki local-certificate
enroll certificate-id r3-entrust-scep ca-profile entrust domain-name
router3.juniper.net subject "CN=router3,OU=Engineering,O=juniper,C=US"
challenge-password 123Certificate enrollment has started. To view the status of your enrollment, check the public key infrastructure log (pkid) log file at /var/log/pkid. Please save the challenge-password for revoking this certificate in future. Note that this password is not stored on the router.
