request security pki ca-certificate ca-profile-group default-trusted-ca-certs
Syntax
request security pki ca-certificate ca-profile-group default-trusted-ca-certs download [check-server | no-forwarding | status]
Description
When you setup dynamic update of trusted CA bundle, you use this command to -
-
Explicitly instruct the SRX Series Firewall or a Junos OS device to manually download the default trusted CA certificates from CDN server. It checks the available version on the CDN server and downloads it.
-
Check connectivity to the CDN server for the Junos OS device.
-
Monitor the status of default trusted CA certificates downloaded from CDN server.
Options
| download |
Download default trusted CA certificates from a CDN server. Use this option when you need to explicitly download default trusted CA certificates in addition to periodic download. |
| check-server |
Check connectivity to CDN server to download default trusted CA certificates. This command downloads the manifest file and displays the trusted-ca-bundle version available in CDN server |
| no-forwarding |
No forwarding. |
| status |
Check current status of default trusted CA certificates downloaded from CDN server. This option displays the default trusted CA certificates version number and version date. |
Required Privilege Level
maintenance
Output Fields
When you enter this command, you are provided feedback on the status of your request.
Sample Output
request security pki ca-certificate ca-profile-group default-trusted-ca-certs download
-
Success scenario
user@host> request security pki ca-certificate ca-profile-group default-trusted-ca-certs download Connection to CDN server is successful. Default trusted CA certs bundle version available is <version> dated <date> Downloading the trusted CA certs bundle... Download successful Updating trusted CA certs to default CA profile group <ca-profile-group> Added <num> CAs and removed <num> CAs from default trusted CA profile group test
-
Failure scenario - 1
user@host> request security pki ca-certificate ca-profile-group default-trusted-ca-certs download Connection to CDN server is unsuccessful
-
Failure scenario - 2
user@host> request security pki ca-certificate ca-profile-group default-trusted-ca-certs download Connection to CDN server is successful. Default trusted CA certs bundle version available is <version_no> dated <date>. Downloading the trusted CA certs... Download Failed.
Sample Output
request security pki ca-certificate ca-profile-group default-trusted-ca-certs download check-server
user@host> request security pki ca-certificate ca-profile-group default-trusted-ca-certs download check-server Connection to CDN server is successful. Default trusted CA certs bundle version available is <version_no> dated <date>.
Sample Output
request security pki ca-certificate ca-profile-group default-trusted-ca-certs download status
-
Success scenario
user@host> request security pki ca-certificate ca-profile-group default-trusted-ca-certs download status Default trusted CA certs bundle available on device is <version_no> dated <date>.
-
Failure scenario
user@host> request security pki ca-certificate ca-profile-group default-trusted-ca-certs download status Default trusted CA certs bundle is not available.
Release Information
Statement introduced in Junos OS Release 23.2R1.