Example: Verifying Certificate Validity (CLI)
The CRL is updated automatically, but you must verify certificates manually to find out if a certificate has been revoked, or if the CA certificate used to create a local certificate is no longer present on the device.
When you verify certificates manually, the device uses the CA certificate to verify the local certificate. If the local certificate is valid, and if revocation-check is enabled in the CA profile, the device verifies that the CRL is loaded and valid. If not, the device downloads the new CRL.
Use the following command to verify the validity of a local certificate called local.cert:
Use the following command to verify the validity of a CA certificate called ca-cert:
Note: The associated private key and the signature are also verified.
For more information on the certificate, use the show commands (show security pki ca-certificate and show security pki certificate-request) described in the JUNOS Software CLI Reference.
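The manual verification flow described above, modelled as an added Python example (it is not Junos code and not part of the original page). The class and function names, the verdict strings, the revocation lookup after the CRL step, the fail-closed handling of a failed CRL download and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional

@dataclass
class Crl:
    next_update: datetime
    revoked_serials: set = field(default_factory=set)

    def is_current(self, now: datetime) -> bool:
        return now < self.next_update

@dataclass
class CaProfile:  # hypothetical model of a CA profile, not a Junos structure
    ca_cert_present: bool
    revocation_check: bool
    crl: Optional[Crl] = None

def verify_local_cert(serial: int, signed_by_ca: bool, profile: CaProfile,
                      fetch_crl: Callable[[], Optional[Crl]], now: datetime):
    """Return (verdict, steps) for one manual verification run."""
    steps = []
    if not profile.ca_cert_present:
        return "fail: CA certificate missing", steps
    steps.append("verify signature with CA certificate")
    if not signed_by_ca:
        return "fail: signature invalid", steps
    if not profile.revocation_check:
        return "pass (revocation not checked)", steps
    steps.append("check loaded CRL")
    if profile.crl is None or not profile.crl.is_current(now):
        steps.append("download new CRL")
        profile.crl = fetch_crl()
        if profile.crl is None:  # assumption: this model fails closed
            return "fail: CRL unavailable", steps
    if serial in profile.crl.revoked_serials:
        return "fail: certificate revoked", steps
    return "pass", steps

# Constructed sample data: a stale CRL that predates the revocation of 0x1A2B.
NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)
STALE = Crl(next_update=NOW - timedelta(days=1))
FRESH = Crl(next_update=NOW + timedelta(days=7), revoked_serials={0x1A2B})

def demo():
    profile = CaProfile(ca_cert_present=True, revocation_check=True, crl=STALE)
    return verify_local_cert(0x1A2B, True, profile, lambda: FRESH, NOW)

if __name__ == "__main__":
    print(demo())
```

In the sample run the loaded CRL has expired and does not list the serial, so the revocation only becomes visible after the new CRL is downloaded.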
Related Topics
- JUNOS Software Feature Support Reference for SRX Series and J Series Devices
- Understanding Certificate Revocation Lists
- Example: Checking Certificate Validity Using CRLs (CLI)
- Deleting Certificates (CLI Procedure)