Example: Loading CA and Local Certificates Manually (CLI)

After you download certificates from a CA, you transfer them to the device (for example, using FTP), and then load them.

Before you begin:

  1. Generate a public-private key pair. See Example: Generating a Public-Private Key Pair (CLI).
  2. Create a CA profile. See Understanding Certificate Authority Profiles.
  3. Generate a certificate request. See Example: Generating a Local Certificate Request Manually (CLI).

You can load the following certificate files onto a device running JUNOS Software:

In this example, you have downloaded the following certificates and saved them to the /var/tmp/ directory on the device:

To load the certificate files onto a device:

  1. To load the local certificate called local.cert from the /var/tmp directory on the device, enter the following command:
    user@host> request security pki local-certificate load certificate-id local.cert filename /var/tmp/local.cert
  2. To load the CA certificate called ca.cert from the /var/tmp directory on the device, enter the following command. The CA profile is called ca-profile-ipsec.
    user@host> request security pki ca-certificate load ca-profile ca-profile-ipsec filename /var/tmp/ca.cert

Related Topics