request security pki local-certificate enroll cmpv2
Syntax
request security pki local-certificate enroll cmpv2 ca-dn subject-dn ca-profile ca-profile-name ca-reference reference ca-secret shared-secret certificate-id certificate-id-name domain-name domain-name email email-address ip-address ip-address ipv6-address ipv6-address subject subject-distinguished-name
Description
Enroll and install a local digital certificate online by using CMPv2. This command loads both end-entity (EE) and CA certificates based on the CA server configuration. Certificate revocation list (CRL) or Online Certificate Status Protocol (OCSP) can be used to check the revocation status of a certificate.
Options
ca-dn subject-dn | Distinguished name (DN) of the CA that enrolls the EE certificate. This parameter is optional, except that it is mandatory if the CA certificate is not already enrolled. If the CA certificate is already enrolled, the subject DN is extracted from the CA certificate. |
ca-profile ca-profile-name | CA profile name. |
ca-reference reference | Out-of-band reference value received from the CA server. |
ca-secret shared-secret | Out-of-band secret value received from the CA server. |
certificate-id certificate-id-name | Name of the local digital certificate and the public/private key pair. |
domain-name domain-name | Fully qualified domain name (FQDN). The FQDN provides the identity of the certificate owner for Internet Key Exchange (IKE) negotiations and provides an alternative to the subject name. |
email email-address | E-mail address of the certificate holder. |
ip-address ip-address | IP address of the router. |
ipv6-address ipv6-address | IPv6 address of the router for the alternate subject. |
subject subject-distinguished-name | Distinguished Name (DN) format that contains the domain component, common name, department, serial number, company name, state, and country in the following format: DC, CN, OU, O, SN, L, ST, C. |
Required Privilege Level
maintenance and security
Output Fields
When you enter this command, you are provided feedback on the status of your request.
Sample Output
user@host> request security pki local-certificate enroll cmpv2 ca-profile root-552 ca-dn DC=example,CN=root-552 certificate-id tc552 email tc552-root@example.net domain-name example.net ip-address 192.0.2.22 ca-secret example ca-reference 51892 subject CN=example,OU=SBU,O=552-22
Certificate enrollment has started. To view the status of your enrollment, check the public key infrastructure log (pkid) log file at /var/log/pkid.
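A pre-flight check for the option values, as an added example that is not part of the original page or Junos OS: it applies the ca-dn rule and the subject attribute list from the Options table before assembling the command line. The function names, the `ca_cert_enrolled` flag, and the assumption that DN values contain no escaped commas or spaces are hypothetical; `SAMPLE` reuses the values from the sample output above.

```python
import ipaddress

# Attribute types the Options table lists for the subject option.
SUBJECT_ATTRS = {"DC", "CN", "OU", "O", "SN", "L", "ST", "C"}

# Constructed input: the option values shown in the page's sample output.
SAMPLE = {
    "ca-profile": "root-552", "ca-dn": "DC=example,CN=root-552",
    "certificate-id": "tc552", "email": "tc552-root@example.net",
    "domain-name": "example.net", "ip-address": "192.0.2.22",
    "ca-secret": "example", "ca-reference": "51892",
    "subject": "CN=example,OU=SBU,O=552-22",
}

def check_dn(dn, allowed=None):
    """Return problems in a comma-separated DN (assumes no escaped commas)."""
    problems = []
    for rdn in dn.split(","):
        attr, sep, value = rdn.partition("=")
        attr = attr.strip().upper()
        if not (attr and sep and value.strip()):
            problems.append(f"malformed component {rdn!r}")
        elif allowed is not None and attr not in allowed:
            problems.append(f"unexpected attribute {attr!r}")
    return problems

def build_enroll(opts, ca_cert_enrolled):
    """Validate opts (keyed by option name); return (command, problems)."""
    problems = []
    # ca-dn is optional only when the CA certificate is already enrolled.
    if not ca_cert_enrolled and "ca-dn" not in opts:
        problems.append("ca-dn is mandatory: CA certificate not yet enrolled")
    # The page gives an attribute list for subject only, so ca-dn is
    # checked for structure but not for attribute names.
    for key, allowed in (("ca-dn", None), ("subject", SUBJECT_ATTRS)):
        if key in opts:
            problems += [f"{key}: {p}" for p in check_dn(opts[key], allowed)]
    for key, version in (("ip-address", 4), ("ipv6-address", 6)):
        if key in opts:
            try:
                if ipaddress.ip_address(opts[key]).version != version:
                    problems.append(f"{key}: wrong address family")
            except ValueError:
                problems.append(f"{key}: not an IP address")
    if "email" in opts and opts["email"].count("@") != 1:
        problems.append("email: expected exactly one '@'")
    words = "request security pki local-certificate enroll cmpv2".split()
    for key, value in opts.items():
        words += [key, value]
    return " ".join(words), problems
```
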
Release Information
Command introduced in Junos OS Release 15.1X49-D40.