Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation

request security pki local-certificate enroll

Syntax

request security pki local-certificate enroll ca-profile ca-profile-name certificate-id certificate-id-name challenge-password password domain-name domain-name subject subject-distinguished-name<email email-address><ip-address ip-address>

Release Information

Command introduced in Junos OS Release 7.5.

Description

Request that a certificate authority (CA) enroll and install a local digital certificate online by using the Simple Certificate Enrollment Protocol (SCEP).

Options

ca-profile ca-profile-name

CA profile name.

certificate-id certificate-id-name

Name of the local digital certificate and the public/private key pair.

challenge-password password

Password set by the administrator and normally obtained from the SCEP enrollment webpage of the CA. The password is 16 characters in length.

domain-name domain-name

Fully qualified domain name (FQDN). The FQDN provides the identity of the certificate owner for Internet Key Exchange (IKE) negotiations and provides an alternative to the subject name.

subject subject-distinguished-name

Distinguished name format that contains the common name, department, company name, state, and country:

  • CN—Common name
  • OU—Organizational unit name
  • O—Organization name
  • ST—State
  • C—Country
email email-address

(Optional) E-mail address of the certificate holder.

ip-address ip-address

(Optional) IP address of the router.

Required Privilege Level

maintenance

List of Sample Output

Output Fields

When you enter this command, you are provided feedback on the status of your request.

Sample Output

user@host> request security pki local-certificate enroll certificate-id r3-entrust-scep ca-profile entrust domain-name router3.juniper.net subject "CN=router3,OU=Engineering,O=juniper,C=US" challenge-password 123
Certificate enrollment has started. To view the status of your enrollment, check the public key infrastructure log (pkid) log file at /var/log/pkid. Please save the challenge-password for revoking this certificate in future.  Note that this password is not stored on the router.

Published: 2013-03-14