Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

close
keyboard_arrow_left
Junos CLI Reference
Table of Contents Expand all
list Table of Contents
file_download PDF
keyboard_arrow_right

request security pki ca-certificate verify (Security)

date_range 19-Nov-23

Syntax

content_copy zoom_out_map
request security pki ca-certificate verify ca-profile ca-profile-name

Description

Verify the digital certificate installed for the specified certificate authority (CA).

Options

ca-profile ca-profile-name—Display the specified CA profile.

Required Privilege Level

maintenance and security

Output Fields

When you enter this command, you are provided feedback on the status of your request.

Sample Output

request security pki ca-certificate verify ca-profile ca1 (CRL downloaded)

This user has downloaded the certificate revocation list (CRL).

content_copy zoom_out_map
user@host> request security pki ca-certificate verify ca-profile ca1             
CA certificate ca1 verified successfully

request security pki ca-certificate verify ca-profile ca1 (CRL not downloaded)

This user has not downloaded the certificate revocation list (CRL).

content_copy zoom_out_map
user@host> request security pki ca-certificate verify ca-profile ca1             
CA certificate ca1: CRL verification in progress. Please check the PKId debug logs for completion status

request security pki ca-certificate verify ca-profile Root-CA (Verify enrolled CA certificate validity status on MX240, MX480, MX960, SRX Series Firewalls and vSRX Virtual Firewall)

You receive the following response when the CA certificate verification is failed. In this sample, the CA certificate verification is failed due to invalid CA certificate:

content_copy zoom_out_map
user@host> request security pki ca-certificate verify ca-profile Root-CA
CA certificate Root-CA verification failed. CA cert is not valid untill <05-19-2021 08:05>

request security pki ca-certificate verify ca-profile Root-CA (Verify enrolled CA certificate present in MX240, MX480, MX960, SRX Series Firewalls and vSRX Virtual Firewall)

You receive the following response when the CA certificate is missing:

content_copy zoom_out_map
user@host> request security pki ca-certificate verify ca-profile Root-CA
CA cert Root-CA Verification Failed. CA cert is missing

request security pki ca-certificate verify ca-profile CSO_37 (Verify local certificate status when the CA is unreachable for MX240, MX480, MX960, SRX Series Firewalls and vSRX Virtual Firewall)

You receive the following response when a CA is not reachable or CRL download has failed:

content_copy zoom_out_map
user@host> request security pki ca-certificate verify ca-profile CSO_37
CA certificate CSO_37 Verification Failed. Unreachable CA or CRL Download Failed

Release Information

Command introduced in Junos OS Release 8.5.

external-footer-nav