Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

show security pki local-certificate

Syntax

show security pki local-certificate <brief | detail><certificate-id certificate-id-name><system-generated>

Release Information

Command introduced in Junos OS Release 11.1 for EX Series switches.

Description

Display information about the local digital certificates and the corresponding public keys installed in the switch.

Options

none

(Same as brief) Display information about all local digital certificates and corresponding public keys.

brief | detail

(Optional) Display information about local digital certificates and corresponding public keys for the specified level of output.

certificate-id certificate-id-name

(Optional) Display information about only the specified the local digital certificate and corresponding public keys.

system-generated

(Optional) Display information about the automatically generated self-signed certificate.

Required Privilege Level

view

 

Related Documentation

 

List of Sample Output

show security pki local-certificate
show security pki local-certificate detail

Output Fields

Table 1 lists the output fields for the show security pki local-certificate command. Output fields are listed in the approximate order in which they appear.

Table 1: show security pki local-certificate Output Fields

Field Name

Field Description

Level of Output

Certificate identifier

Name of the digital certificate.

All levels

Certificate version

Revision number of the digital certificate.

detail

Serial number

Unique serial number of the digital certificate.

detail

Issued by

Authority that issued the digital certificate.

none brief

Issued to

Device that was issued the digital certificate.

none brief

Issuer

Authority that issued the digital certificate, including details of the authority organized using the distinguished name format. Possible subfields are:

  • Common name—Name of the authority.
  • Organization—Organization of origin.
  • Organizational unit—Department within an organization.
  • State—State of origin.
  • Country—Country of origin.

detail

Subject

Details of the digital certificate holder organized using the distinguished name format. Possible subfields are:

  • Common name—Name of the authority.
  • Organization—Organization of origin.
  • Organizational unit—Department within an organization.
  • State—State of origin.
  • Country—Country of origin.

detail

Alternate subject

Domain name or IP address of the device related to the digital certificate.

detail

Validity

Time period when the digital certificate is valid. Values are:

  • Not before—Start time when the digital certificate becomes valid.
  • Not after—End time when the digital certificate becomes invalid.

All levels

Public key algorithm

Encryption algorithm used with the private key, such as rsaEncryption (1024 bits).

All levels

Public key verification status

Public key verification status: Failed or Passed. The detail output also provides the verification hash.

All levels

Signature algorithm

Encryption algorithm that the CA used to sign the digital certificate, such as sha1WithRSAEncryption.

detail

Fingerprint

Secure Hash Algorithm (SHA1) and Message Digest 5 (MD5) hashes used to identify the digital certificate.

detail

Distribution CRL

Distinguished name information and URL for the certificate revocation list (CRL) server.

detail

Use for key

Use of the public key, such as Certificate signing, CRL signing, Digital signature, or Key encipherment.

detail

Sample Output

show security pki local-certificate

user@switch> show security pki local-certificate 
Certificate identifier: local-entrust2
  Issued to: router2.juniper.net, Issued by: juniper
  Validity:
    Not before: 2005 Nov 21st, 23:28:22 GMT
    Not after: 2008 Nov 21st, 23:58:22 GMT
  Public key algorithm: rsaEncryption(1024 bits)
  Public key verification status: Passed

show security pki local-certificate detail

user@switch> show security pki local-certificate detail 
Certificate identifier: local-entrust3
  Certificate version: 3
  Serial number: 4355 94f9
  Issuer:
    Organization: juniper, Country: us
  Subject:
    Organization: juniper, Country: us, Common name: switch1.juniper.net
  Alternate subject: switch1.juniper.net
  Validity:
    Not before: 2005 Nov 21st, 23:33:58 GMT
    Not after: 2008 Nov 22nd, 00:03:58 GMT
  Public key algorithm: rsaEncryption(1024 bits)
  Public key verification status: Passed
    fb:79:df:d4:a9:03:0f:d3:69:7e:c1:e4:27:35:9c:d9:b1:a2:47:78
    d2:6d:f3:e5:f4:68:4f:b3:04:45:88:57:99:82:39:a6:51:9e:5f:42
    23:3f:d7:6e:3d:a5:54:a9:b1:2d:6e:90:dd:12:8a:bf:ef:2b:20:50
    ba:f0:da:d9:0c:ad:5e:d6:c6:98:3a:ae:3f:90:dd:94:78:c1:ea:2e
    7c:f0:2d:d4:79:d4:cd:f0:52:df:5e:72:f2:e7:ae:66:f7:61:f4:bc
    72:57:3e:6c:6d:d3:24:58:8b:f4:ef:da:2a:6a:fa:eb:98:f8:34:84
    79:54:da:4f:d3:6f:52:1f
  Signature algorithm: sha1WithRSAEncryption
  Fingerprint:
    61:3a:d0:b4:7a:16:9b:39:ba:81:3f:9d:ab:34:e5:c8:be:3b:a1:6d (sha1)
    60:a0:ff:58:05:4a:65:73:9d:74:3a:e1:83:6f:1b:c8 (md5)
  Distribution CRL: 
    C=us, O=juniper, CN=CRL1
    http://CA-1/CRL/juniper_us_crlfile.crl
  Use for key: Digital signature

Published: 2014-04-23

Supported Platforms

 

Related Documentation

 

Published: 2014-04-23

Previous Page Next Page