[
Contents]
[
Prev]
[
Next]
[
Index]
[
Report an Error]
CLI Configuration
To enable and configure certificate re-enrollment
use the set security pki auto-re-enrollment command
with the following information:
- Certificate ID of the CA certificate—for example, sm1.
- Name of the CA profile associated with the certificate—for
example, aaa.
- Challenge password for CA certificate enrollment and revocation.
This password must be the same one configured previously for the CA—for
example, abc.
- Trigger time for the re-enrollment. This value sets the
certificate re-enrollment time as a percentage of the time left before
expiration. For example, to start re-enrollment when 10 percent of
the certificate time remains, specify 10.
- During automatic re-enrollment, by default the Juniper
Networks device uses the existing key pair. To generate a new key
pair, specify re-generate-key-pair.
For example:
- user@host# set security pki auto-re-enrollment
certificate-id sm1 ca-profile-name aaa
challenge-password abc re-enroll-trigger-time-percentage 10 re-generate-keypair
[
Contents]
[
Prev]
[
Next]
[
Index]
[
Report an Error]