Manually Obtaining Digital Certificates
You can manually add digital certificates, or you can use SCEP to help manage how you obtain certificates.
For information about using SCEP to obtain certificates, see Obtaining Digital Certificates through SCEP.
To manually add a signed certificate:
- Create a certificate signing request.
user@host> request security generate-certificate-request subject subject password password
subject is the distinguished name of the SRC host; for example, cn=cseries1,ou=pop,o=Juniper,l=kanata,st=Ontario,c=Canada.
password is the password received from the certificate authority for the specified subject.
By default, this request creates the file /tmp/certreq.csr and encodes the file by using Privacy-Enhanced Mail (PEM) encoding.
- Copy the certificate signing request file generated in Step 1 to another system, and submit it to the certificate authority.
You can transfer the file through FTP by using the file copy command.
user@host> file copy source_file ftp://username@server[:port]/destination_file
The remote system prompts you for your password.
You can transfer the file through FTP, as shown in Step 2.
- Add the certificate to the SRC configuration.
user@host> request security import-certificate file-name file-name identifier identifier
file-name is the name of the certificate file in the /tmp folder. The file has one of the following extensions:
For example, to import the file sdx.cer that is identified as web:
user@host> request security import-certificate file-name sdx.cer identifier web
- Verify that the certificate is part of the SRC configuration.
user@host> show security certificate
web subject:CN=host
If there are no certificates on the system, the CLI displays the following message:
user@host> show security certificate
No entity certificates in key store
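A check to run on both sides of the FTP transfer in Step 2, added here as an example and not taken from the SRC documentation: it confirms that the file holds exactly one PEM certificate request with complete DER content, and returns a SHA-256 fingerprint of the decoded bytes that stays the same if an ASCII-mode FTP transfer rewrites line endings. The function names are assumptions made for this example, and the sample data is a constructed placeholder, not a real CSR.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)
CSR_LABELS = {"CERTIFICATE REQUEST", "NEW CERTIFICATE REQUEST"}


def pem_blocks(text):
    """Return [(label, der_bytes)] for every PEM block in text."""
    return [(label, base64.b64decode("".join(body.split())))
            for label, body in PEM_RE.findall(text)]


def der_is_complete(der):
    """True if der is one SEQUENCE whose encoded length matches its size."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long-form length
        n = der[1] & 0x7F
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)


def csr_fingerprint(text):
    """Validate a PEM CSR file and return the SHA-256 of its DER content."""
    blocks = pem_blocks(text)
    if any("PRIVATE KEY" in label for label, _ in blocks):
        raise ValueError("file contains a private key; do not transfer it")
    if len(blocks) != 1 or blocks[0][0] not in CSR_LABELS:
        raise ValueError("expected exactly one CERTIFICATE REQUEST block")
    if not der_is_complete(blocks[0][1]):
        raise ValueError("DER content is truncated or malformed")
    return hashlib.sha256(blocks[0][1]).hexdigest()


# Constructed placeholder DER (a SEQUENCE holding INTEGER 0), not a real CSR.
SAMPLE_DER = bytes.fromhex("3003020100")
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = ("-----BEGIN CERTIFICATE REQUEST-----\n" + SAMPLE_B64 +
              "\n-----END CERTIFICATE REQUEST-----\n")

if __name__ == "__main__":
    crlf_copy = SAMPLE_PEM.replace("\n", "\r\n")  # as after ASCII-mode FTP
    print(csr_fingerprint(SAMPLE_PEM) == csr_fingerprint(crlf_copy))
```

Comparing this fingerprint rather than a hash of the whole file avoids false mismatches caused only by line-ending conversion.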