Enrolling a CA Certificate Online (CLI Procedure)

Before you begin:

1. Generate a public and private key pair. See Example: Generating a Public-Private Key Pair (CLI).
2. Configure a CA profile. See Example: Configuring a Certificate Authority Profile (CLI).

To enroll a CA certificate online:

1. Use the following command to get the CA certificate online using SCEP. The attributes required to reach the CA server are obtained from the defined CA profile.
   user@host> request security pki ca-certificate enroll ca-profile ca-profile_name

   The command is processed synchronously to provide the fingerprint of the received CA certificate.

   Fingerprint:e6:fa:d6:da:e8:8d:d3:00:e8:59:12:e1:2c:b9:3c:c0:9d:6c:8f:8d (sha1)82:e2:dc:ea:48:4c:08:9a:fd:b5:24:b0:db:c3:ba:59 (md5)Do you want to load the above CA certificate ? [yes,no]
2. You must confirm that the correct certificate is loaded. The CA certificate is loaded only when you type yes at the CLI prompt. For more information on the certificate, such as the bit length of the key pair, use the command show security pki ca-certificate described in the JUNOS Software CLI Reference.

Related Topics

• JUNOS Software Feature Support Reference for SRX Series and J Series Devices
• Digital Certificates Configuration Overview
• Understanding Online CA Certificate Enrollment
• Example: Verifying Certificate Validity (CLI)