request security pki local-certificate enroll
Syntax
request security pki local-certificate enroll ca-profile ca-profile-name certificate-id certificate-id-name challenge-password password domain-name domain-name subject subject-distinguished-name <email email-address> <ip-address ip-address>
Description
Request that a certificate authority (CA) enroll and install a local digital certificate online by using the Simple Certificate Enrollment Protocol (SCEP).
Options
| ca-profile ca-profile-name | CA profile name. |
| certificate-id certificate-id-name | Name of the local digital certificate and the public/private key pair. |
| challenge-password password | Password set by the administrator and normally obtained from the SCEP enrollment webpage of the CA. The password is 16 characters in length. |
| domain-name domain-name | Fully qualified domain name (FQDN). The FQDN provides the identity of the certificate owner for Internet Key Exchange (IKE) negotiations and provides an alternative to the subject name. |
| subject subject-distinguished-name | Distinguished name format that contains the common name, department, company name, state, and country:
|
| email email-address | (Optional) E-mail address of the certificate holder. |
| ip-address ip-address | (Optional) IP address of the router. |
Required Privilege Level
maintenance
Output Fields
When you enter this command, you are provided feedback on the status of your request.
Sample Output
command-name
user@host> request security pki local-certificate enroll certificate-id r3-entrust-scep ca-profile entrust domain-name router3.example.net subject "CN=router3,OU=Engineering,O=juniper,C=US" challenge-password 123 Certificate enrollment has started. To view the status of your enrollment, check the public key infrastructure log (pkid) log file at /var/log/pkid. Please save the challenge-password for revoking this certificate in future. Note that this password is not stored on the router.
Release Information
Command introduced in Junos OS Release 7.5.