Example: Loading CA and Local Certificates Manually (CLI)

After you download certificates from a CA, you transfer them to the device (for example, using FTP), and then load them.

Before you begin:

1. Generate a public-private key pair. See Example: Generating a Public-Private Key Pair (CLI).
2. Create a CA profile. See Understanding Certificate Authority Profiles.
3. Generate a certificate request. See Example: Generating a Local Certificate Request Manually (CLI).

You can load the following certificate files onto a device running JUNOS Software:

• A local or end-entity (EE) certificate that identifies your local device. This certificate is your public key.
• A CA certificate that contains the CA's public key.
• A CRL that lists any certificates revoked by the CA.

  Note: You can load multiple EE certificates onto the device.

In this example, you have downloaded the following certificates and saved them to the /var/tmp/ directory on the device:

• local.cert
• ca.cert

To load the certificate files onto a device:

1. To load the local certificate called local.cert from the /var/tmp directory on the device, enter the following command:
   user@host> request security pki local-certificate load certificate-id local.cert filename /var/tmp/local.cert
2. To load the CA certificate called ca.cert from the /var/tmp directory on the device, enter the following command. The CA profile is called ca-profile-ipsec.
   user@host> request security pki ca-certificate load ca-profile ca-profile-ipsec filename /var/tmp/ca.cert

Related Topics

• JUNOS Software Feature Support Reference for SRX Series and J Series Devices
• Digital Certificates Configuration Overview
• Example: Reenrolling Local Certificates Automatically (CLI)
• Example: Verifying Certificate Validity (CLI)
• Example: Checking Certificate Validity Using CRLs (CLI)