TechLibrary

Documentation Quick Links

Table of Contents

Guide That Contains This Content

[+] Expand All

[-] Collapse All

Routing Matrix with a TX Matrix Plus Router Deployment Guide - TechLibrary - Juniper Networks
- Overview
  - Understanding How a Routing Matrix with a TX Matrix Plus Router Works
  - Supported Routing Matrix Configurations with a TX Matrix Plus Router
  - System Requirements
    - System Requirements for a Routing Matrix with a TX Matrix Plus Router
- Configuring a Routing Matrix with a TX Matrix Plus Router
  - Configuring a Routing Matrix with a TX Matrix Plus Router
- Administering and Troubleshooting a Routing Matrix with a TX Matrix Plus Router
  - Administering Hardware Components of a Routing Matrix with a TX Matrix Plus Router
  - Administering Files and Processes of a Routing Matrix with a TX Matrix Plus Router
    - Managing Files on Routing Engines in a Routing Matrix with a TX Matrix Plus Router
    - Managing System Processes in a Routing Matrix with a TX Matrix Plus Router
  - Upgrading Software on a Routing Matrix with a TX Matrix Plus Router
  - Troubleshooting a Routing Matrix with a TX Matrix Plus Router
- Configuration Statements and Operational Commands
- Downloads
  - - Download this guide: Deployment Guide for TX Matrix Plus

Download This Guide

Download this guide: Deployment Guide for TX Matrix Plus

Supported Platforms

show ipsec certificates

Syntax

show ipsec certificates<brief | detail> <crl crl-name | serial-number>

Release Information

Command introduced before Junos OS Release 7.4.

Description

(Encryption interface on M Series and T Series routers only) Display information about the IPsec certificate database.

Options

none

—

Display standard information about all of the entries in the IPsec certificate database.

brief | detail

—

(Optional) Display the specified level of output.

crl crl-name | serial-number

—

(Optional) Display information about the entries on the certificate revocation list (CRL) or for the specified serial number. A CRL is a timestamped list identifying revoked certificates. The CRL is signed by a certificate authority (CA) or CRL issuer and made freely available in a public repository. Each revoked certificate is identified in a CRL by its certificate serial number.

Required Privilege Level

view

Related Documentation

clear ipsec security-associations

List of Sample Output

show ipsec certificates detail

Output Fields

Table 1 lists the output fields for the show ipsec certificates command. Output fields are listed in the approximate order in which they appear.

Table 1: show ipsec certificates Output Fields

Field Name	Field Description	Level of Output
Database	Display information about the IPsec certificate database. Total entries—Number of database entries, including entries that are not trusted or that are in the process of being deleted. Active entries—Number of database entries, excluding entries that are marked as deleted. Locked entries—Number of statically configured database entries that cannot expire, such as CA certificates that are root or trusted.	All levels
Subject	Distinguished name for the certificate for C, O, CN, as described in RFC 3280, Internet x.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile.	All levels
ID	Identification number of the database entry. ID is generated by the internal certificate database.	All levels
References	Reference number the certificate manager has for the particular entry.	detail
Serial	Unique serial number assigned to each certificate by the CA.	All levels
Flags	State of the certificate. Trusted—Passed validity checks. Not trusted—Failed validity checks. Root—Entry is locked and may have been learned through IKE or a locally configured CA certificate. Non-root—Entry is not locked. Crl-issuer—Entity issues CRLs. Non-crl-issuer—Entity does not issue CRLs.	detail
Validity period starts	Start time that the certificate is valid, in the format yyyy mon dd, hh:mm:ss GMT.	detail
Validity period ends	End time that the certificate is valid, in the format yyyy mon dd, hh:mm:ss GMT.	detail
Alternative name information	Auxiliary identity for the certificate: dns-name, email-address, ip-address, or uri (uniform resource identifier).	detail
Issuer	Information about the entity that has signed and issued the CRL as described in RFC 2459, Internet X.509 Public Key Infrastructure Certificate and CRL Profile.	detail

Sample Output

show ipsec certificates detail

user@host> show ipsec certificates detail

Database: Total entries: 3 Active entries: 4 Locked entries: 1
Subject: C=us, O=x
  ID: 5, References: 0, Serial: 22314868
  Flags: Trusted Non-root Crl-issuer
  Validity period starts: 2003 Mar  1st, 01:20:42 GMT
  Validity period ends: 2003 Mar 31st, 01:50:42 GMT
  Alternative name information:
    IP address: 10.20.210.1
  Issuer: C=FI, O=Company-ABC, CN=Company ABC class 2

Subject: C=us, O=x
  ID: 4, References: 0, Serial: 22315496
  Flags: Trusted Non-root Crl-issuer
  Validity period starts: 2003 Mar  1st, 01:21:45 GMT
  Validity period ends: 2003 Mar 31st, 01:51:45 GMT
  Alternative name information:
    IP address: 10.20.210.20
  Issuer: C=FI, O=Company-ABC, CN=Company ABC class 2

Subject: C=FI, O=SSH Company-ABC, CN=Company ABC class 2
  ID: 1, References: 1, Serial: 1538512
  Flags: Trusted Root Non-crl-issuer
  Validity period starts: 2001 Aug  1st, 07:08:32 GMT
  Validity period ends: 2004 Aug  1st, 07:08:32 GMT
  Alternative name information:
    Email address: certifier-support@ssh.com
  Issuer: C=FI, O=Company-ABC, CN=Company ABC class 2

Published: 2013-01-30

Download This Guide

Download this guide: Deployment Guide for TX Matrix Plus