Example: Loading CA and Local Certificates Manually (CLI)
After you download certificates from a CA, you transfer them to the device (for example, using FTP), and then load them.
Before you begin:
- Generate a public-private key pair. See Example: Generating a Public-Private Key Pair (CLI).
- Create a CA profile. See Understanding Certificate Authority Profiles.
- Generate a certificate request. See Example: Generating a Local Certificate Request Manually (CLI).
You can load the following certificate files onto a device running JUNOS Software:
- A local or end-entity (EE) certificate that identifies your local device. This certificate contains your public key.
- A CA certificate that contains the CA's public key.
- A CRL that lists any certificates revoked by the CA.
Note: You can load multiple EE certificates onto the device.
In this example, you have downloaded the following certificates and saved them to the /var/tmp/ directory on the device:
- local.cert
- ca.cert
To load the certificate files onto a device:
- To load the local certificate called local.cert from the /var/tmp directory on the device, enter the following command:
  user@host> request security pki local-certificate load certificate-id local.cert filename /var/tmp/local.cert
- To load the CA certificate called ca.cert from the /var/tmp directory on the device, enter the following command. The CA profile is called ca-profile-ipsec.
  user@host> request security pki ca-certificate load ca-profile ca-profile-ipsec filename /var/tmp/ca.cert
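
A pre-load check for the two files in this example, run with OpenSSL on the workstation where they were downloaded, before they are transferred to the device. This is an added example, not part of the Juniper procedure. The function names precheck_certs and make_constructed_pki are assumptions, and the throwaway certificates the second function builds are constructed sample data.

```shell
#!/bin/sh
# Added example, not Juniper code. Function names are assumptions;
# the file names local.cert and ca.cert follow this page.

# precheck_certs LOCAL_CERT CA_CERT: returns 0 only if the pair is fit to load.
precheck_certs() {
    lc=$1; ca=$2
    for f in "$lc" "$ca"; do
        # Each file must parse as a PEM X.509 certificate and be unexpired.
        openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1 ||
            { echo "FAIL: $f is unreadable or expired" >&2; return 1; }
    done
    # The file destined for the CA profile must be a CA certificate.
    openssl x509 -in "$ca" -noout -text | grep -q 'CA:TRUE' ||
        { echo "FAIL: $ca lacks basicConstraints CA:TRUE" >&2; return 2; }
    # The local certificate's issuer name must be the CA's subject name ...
    [ "$(openssl x509 -in "$lc" -noout -issuer_hash)" = \
      "$(openssl x509 -in "$ca" -noout -subject_hash)" ] ||
        { echo "FAIL: $lc names a different issuer" >&2; return 3; }
    # ... and its signature must verify against the CA's public key.
    openssl verify -CAfile "$ca" "$lc" 2>/dev/null | grep -q ': OK$' ||
        { echo "FAIL: signature on $lc does not verify" >&2; return 4; }
    # Print SHA-256 fingerprints for comparison with the CA's published values.
    openssl x509 -in "$ca" -noout -fingerprint -sha256
    openssl x509 -in "$lc" -noout -fingerprint -sha256
}

# make_constructed_pki DIR NAME: builds a throwaway CA and device certificate
# (constructed sample data) as DIR/NAME-ca.cert and DIR/NAME-local.cert.
make_constructed_pki() {
    d=$1; n=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=$n constructed CA" \
        -keyout "$d/$n-ca.key" -out "$d/$n-ca.cert" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$n constructed device" \
        -keyout "$d/$n-local.key" -out "$d/$n-local.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/$n-local.csr" -CA "$d/$n-ca.cert" \
        -CAkey "$d/$n-ca.key" -set_serial 1 -days 2 \
        -out "$d/$n-local.cert" 2>/dev/null
}
```

For the files on this page the call is precheck_certs local.cert ca.cert. A non-zero return identifies which check failed (1 parse or expiry, 2 not a CA certificate, 3 issuer mismatch, 4 signature).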
Related Topics
- JUNOS Software Feature Support Reference for SRX Series and J Series Devices
- Digital Certificates Configuration Overview
- Example: Reenrolling Local Certificates Automatically (CLI)
- Example: Verifying Certificate Validity (CLI)
- Example: Checking Certificate Validity Using CRLs (CLI)