show security pki local-certificate

Syntax

show security pki local-certificate
< brief | detail >
< certificate-id certificate-id-name >
<system-generated>

Release Information

Command modified in Release 9.1 of JUNOS software.

Description

Display information about the local digital certificates, corresponding public keys, and the automatically generated self-signed certificate configured on the device.

This command is supported on J-series and SRX-series devices.

Options

none—Display basic information about all configured local digital certificates, corresponding public keys, and the automatically generated self-signed certificate.

brief | detail—(Optional) Display the specified level of output.

certificate-id certificate-id-name—(Optional) Display information about only the specified local digital certificates and corresponding public keys.

system-generated—Display information about the automatically generated self-signed certificate.

Required Privilege Level

view

Related Topics

clear security pki local-certificate

request security pki local-certificate generate-self-signed

JUNOS System Basics and Services Command Reference

List of Sample Output

show security pki local-certificate certificate-id
show security pki local-certificate certificate-id detail
show security pki local-certificate system-generated
show security pki local-certificate system-generated detail

Output Fields

Table 87 lists the output fields for the show security pki local-certificate command. Output fields are listed in the approximate order in which they appear.

Table 87: show security pki local-certificate Output Fields

Field Name

Field Description

Certificate identifier

Name of the digital certificate.

Certificate version

Revision number of the digital certificate.

Serial number

Unique serial number of the digital certificate.

Issued to

Device that was issued the digital certificate.

Issued by

Authority that issued the digital certificate.

Issuer

Authority that issued the digital certificate, including details of the authority organized using the distinguished name format. Possible subfields are:

  • Organization—Organization of origin.
  • Organizational unit—Department within an organization.
  • Country—Country of origin.
  • Locality—Locality of origin.
  • Common name—Name of the authority.

Subject

Details of the digital certificate holder organized using the distinguished name format. Possible subfields are:

  • Organization—Organization of origin.
  • Organizational unit—Department within an organization.
  • Country—Country of origin.
  • Locality—Locality of origin.
  • Common name—Name of the authority.

Alternate subject

Domain name or IP address of the device related to the digital certificate.

Validity

Time period when the digital certificate is valid. Values are:

  • Not before—Start time when the digital certificate becomes valid.
  • Not after—End time when the digital certificate becomes invalid.

Public key algorithm

Encryption algorithm used with the private key, such as rsaEncryption(1024 bits).

Public key verification status

Public key verification status: Failed or Passed. The detail output also provides the verification hash.

Signature algorithm

Encryption algorithm that the CA used to sign the digital certificate, such as sha1WithRSAEncryption.

Fingerprint

Secure Hash Algorithm (SHA1) and Message Digest 5 (MD5) hashes used to identify the digital certificate.

Distribution CRL

Distinguished name information and URL for the certificate revocation list (CRL) server.

Use for key

Use of the public key, such as Certificate signing, CRL signing, Digital signature, or Data encipherment.

show security pki local-certificate certificate-id

user@host> show security pki local-certificate certificate-id hassan
   Certificate identifier: hassan
     Issued to: hassan, Issued by: kpradeep.juniper.net
     Validity:
       Not before: 2005 Aug  2nd, 05:23:42 GMT
       Not after: 2006 Aug  2nd, 05:33:42 GMT
     Public key algorithm: rsaEncryption(1024 bits)
     Public key verification status: Passed

show security pki local-certificate certificate-id detail

user@host> show security pki local-certificate certificate-id hassan detail
   Certificate identifier: hassan
     Certificate version: 3
     Serial number: 3115 8938 6334 6035 7529
     Issuer:
       Common name: kpradeep.juniper.net
     Subject:
       Organization: juniper, Organizational unit: pepsi, Country: IN, 
                        Common name: hassan
     Alternate subject: hassan.com
     Validity:
        Not before: 2005 Aug  2nd, 05:23:42 GMT
        Not after: 2006 Aug  2nd, 05:33:42 GMT
     Public key algorithm: rsaEncryption(1024 bits)
     Public key verification status: Passed 
       c7:a4:fb:e7:8c:4f:31:e7:eb:01:d8:32:65:21:f2:eb:6f:7d:49:1a:c3:9b
       63:47:e2:4f:f6:db:f6:c8:75:dd:e6:ec:0b:35:0a:62:32:45:6b:35:1f:65
       c9:66:b7:40:b2:f9:2a:ab:5b:60:f7:c7:73:36:da:68:25:fc:40:4b:12:3c
       d5:c8:c6:66:f6:10:1e:86:67:a8:95:9b:7f:1c:ae:a7:55:b0:28:95:a7:9a
       a2:24:28:e4:5a:b2:a9:06:7a:69:37:20:15:e1:b6:66:eb:22:b5:b6:77:f6
       65:88:b0:94:2b:91:4b:99:78:4a:e3:56:cc:14:45:d7:97:fd
     Signature algorithm: sha1WithRSAEncryption
     Fingerprint:
       36:ec:35:5a:9a:6d:1c:77:a8:bb:f6:b9:94:57:36:11:c8:88:93:cc (sha1)
       1f:ab:f2:a0:84:5a:9c:e6:0e:92:79:70:cf:2c:1a:73 (md5)
    Distribution CRL: 
      file://\\multiplex\CertEnroll\kpradeep.juniper.net.crl
      http://multiplex/CertEnroll/kpradeep.juniper.net.crl
     Use for key: Digital signature

show security pki local-certificate system-generated

user@host> show security pki local-certificate system-generated
Certificate identifier: system-generated
  Issued to: JN10D3DFCADA, Issued by: CN = JN10D3DFCADA, CN = system generated, CN = self-signed
  Validity:
    Not before: 02-21-2008 10:27
    Not after: 02-19-2013 10:27
  Public key algorithm: rsaEncryption(1024 bits)

show security pki local-certificate system-generated detail

user@host> show security pki local-certificate system-generated detail
Certificate identifier: system-generated
  Certificate version: 3
  Serial number: a3f42347afe6953f8f3fe4aae70f310f
  Issuer:
    Common name: JN10D3DFCADA
  Subject:
    Common name: JN10D3DFCADA
  Alternate subject: email empty, fqdn empty, ip empty
  Validity:
    Not before: 02-21-2008 10:27
    Not after: 02-19-2013 10:27
  Public key algorithm: rsaEncryption(1024 bits)
    30:81:89:02:81:81:00:c1:50:fa:46:eb:57:6b:7d:11:05:a0:7d:17
    0c:2b:0e:d1:26:4c:ae:4d:75:b2:c9:73:2d:bb:d0:ef:07:f0:24:9e
    23:42:29:79:30:c3:3b:f4:b7:5a:74:3a:9c:d1:66:45:af:e8:41:5d
    52:bf:81:c3:c9:d9:d5:ba:0f:5e:d3:28:d4:44:d2:60:0c:42:76:c5
    ed:93:89:20:13:ee:e6:23:ab:d6:e5:fe:5e:13:a2:94:c0:ae:f9:1e
    cd:fa:ca:9f:59:92:b4:b3:84:e9:61:76:7b:81:f4:5a:48:a6:91:ae
    39:99:b9:3a:06:ac:d7:b2:15:85:bd:8f:b7:90:e1:02:03:01:00:01
  Signature algorithm: sha1WithRSAEncryption
  Fingerprint:
    42:79:b0:f0:fa:fc:03:33:bd:0d:d4:56:21:f1:d9:28:51:00:3f:b0 (sha1)
    f0:77:8e:3e:1d:41:12:a1:bf:3d:cd:19:e5:66:3e:15 (md5)
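
The following Python sketch is an added example, not part of the JUNOS documentation. It parses the output fields shown in the samples above and flags certificates that are expired, use an RSA key under 2048 bits, or are signed with an MD5 or SHA-1 digest. The thresholds, the UTC assumption for dates printed without a zone, and the function names parse_time, parse_certificates and audit are assumptions of this example.

```python
import re
from datetime import datetime, timezone

# Field lines from the two "detail" samples on this page (re-indented, trimmed).
SAMPLE = """\
Certificate identifier: hassan
  Validity:
    Not after: 2006 Aug  2nd, 05:33:42 GMT
  Public key algorithm: rsaEncryption(1024 bits)
  Signature algorithm: sha1WithRSAEncryption
Certificate identifier: system-generated
  Validity:
    Not after: 02-19-2013 10:27
  Public key algorithm: rsaEncryption(1024 bits)
  Signature algorithm: sha1WithRSAEncryption
"""
MIN_RSA_BITS = 2048             # assumption: local policy threshold
WEAK_DIGESTS = ("md5", "sha1")  # assumption: digests local policy rejects

def parse_time(text):
    """Parse either date style used in the sample output; UTC is assumed."""
    text = re.sub(r"(\d)(st|nd|rd|th)\b", r"\1", text).replace(" GMT", "")
    text = " ".join(text.split())
    fmt = "%m-%d-%Y %H:%M" if "-" in text else "%Y %b %d, %H:%M:%S"
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)

def parse_certificates(output):
    """Return one dict of 'Field: value' pairs per certificate in the output."""
    certs = []
    for line in output.splitlines():
        m = re.match(r"\s*([A-Z][A-Za-z ]+?):\s*(\S.*)$", line)
        if m and m.group(1) == "Certificate identifier":
            certs.append({})
        if m and certs:
            certs[-1][m.group(1)] = m.group(2).strip()
    return certs

def audit(cert, now):
    """List policy findings for one parsed certificate."""
    findings = []
    bits = re.search(r"\((\d+) bits\)", cert.get("Public key algorithm", ""))
    if bits and int(bits.group(1)) < MIN_RSA_BITS:
        findings.append(f"key size {bits.group(1)} below {MIN_RSA_BITS}")
    sig = cert.get("Signature algorithm", "").lower()
    if sig.startswith(WEAK_DIGESTS):
        findings.append(f"weak signature digest: {sig}")
    if "Not after" in cert and parse_time(cert["Not after"]) < now:
        findings.append(f"expired: {cert['Not after']}")
    return findings
```

Header lines with no value (Validity:, Fingerprint:) and the hex dump lines do not match the field pattern, so full detail output can be passed in unchanged.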
