request security certificate enroll (Signed)
Syntax
request security certificate enroll filename filename subject subject alternative-subject alternative-subject certification-authority certification-authority encoding (binary | pem) key-file key-file domain-name domain-name
Description
(Encryption interface on M Series and T Series routers and EX Series switches only) Obtain a signed certificate from a certificate authority (CA). The signed certificate validates the CA and the owner of the certificate. The results are saved to the specified file in the /var/etc/ikecert directory.
For FIPS mode, the digital security certificates must be compliant with the National Institute of Standards and Technology (NIST) SP 800-131A standard. The request security key-pair command is deprecated and not available with Junos in FIPS mode because it generates RSA and DSA keys with sizes of 512 and 1024 bits that are not compliant with the NIST SP 800-131A standard.
Options
filename filename | File that stores the certificate. |
subject subject | Distinguished name (dn), which consists of a set of components—for example, an organization (o), an organization unit (ou), a country (c), and a locality (l). |
alternative-subject alternative-subject | Tunnel source address. |
certification-authority certification-authority | Name of the certificate authority profile in the configuration. |
encoding (binary | pem) | File format used for the certificate. The format can be a binary file or privacy-enhanced mail (PEM), an ASCII base64-encoded format. The default format is binary. |
key-file key-file | File containing a local private key. |
domain-name domain-name | Fully qualified domain name. |
Required Privilege Level
maintenance
Output Fields
When you enter this command, you are provided feedback on the status of your request.
Sample Output
request security certificate enroll filename subject alternative-subject certification-authority key-file domain-name (Signed)
user@host> request security certificate enroll filename host.crt subject c=uk,o=london alternative-subject 10.50.1.4 certification-authority verisign key-file host-1.prv domain-name host.example.com
CA name: example.com CA file: ca_verisign
local pub/private key pair: host.prv
subject: c=uk,o=london domain name: host.example.com
alternative subject: 10.50.1.4
Encoding: binary
Certificate enrollment has started. To view the status of your enrollment, check the key management process (kmd) log file at /var/log/kmd. <--------------
Release Information
Command introduced before Junos OS Release 7.4.