Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

header-navigation
keyboard_arrow_up
close
keyboard_arrow_left
Junos CLI Reference
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
keyboard_arrow_right

request security pki generate-key-pair (Security)

date_range 19-Nov-23

Syntax

content_copy zoom_out_map
request security pki generate-key-pair certificate-id certificate-id-name
<size (256 | 384 | 1024 | 2048 | 4096 | 521)>
<type (dsa | ecdsa | rsa)>

Description

Generate a public key infrastructure (PKI) public/private key pair for a local digital certificate.

Options

certificate-id certificate-id-name

Name of the local digital certificate and the public/private key pair.

size

Key pair size. The key pair size can be 256, 384, 521, 1024, 2048, or 4096 bits. Key pair sizes of 256, 384, and 521 bits are compatible with ECDSA. For Digital Signal Algorithm (DSA) and Rivest Shamir Adleman (RSA), algorithms the size must be 1024, 2048, or 4096. The default key pair size is 1024 for DSA and 2048 for RSA.

The following are supported when ECDSA-521 signatures are used:

  • Load a complete certificate, which is generated using an external tool like OpenSSL into PKI.

  • Manually generate a Certificate Signing Request (CSR) for a local certificate and sending the CSR to a (Certificate Authority) CA server to enroll.

  • Automatic enroll with CA server.

type

The algorithm to be used for encrypting the public/private key pair:

  • ecdsa—ECDSA encryption

  • dsa— DSA encryption

  • rsa—RSA encryption (default)

Required Privilege Level

maintenance

Output Fields

When you enter this command, you are provided feedback on the status of your request.

Sample Output

request security pki generate-key-pair

content_copy zoom_out_map
user@host> request security pki generate-key-pair type [xxx] size [xxx] certificate-id test              
Generated key pair test, key size [xxx] bits

Release Information

Command introduced in Junos OS Release 11.1.

Options to support Elliptic Curve Digital Signature Algorithm (ECDSA) added in Junos OS Release 12.1X45-D10.

521 option to support ECDSA introduced in Junos OS Release 19.1R1 on SRX5000 line of devices with SRX5K-SPC3 card.

footer-navigation