show security pki local-certificate
Syntax
show security pki local-certificate <brief | detail> <certificate-id certificate-id-name> <system-generated>
Description
Display information about the local digital certificates and the corresponding public keys installed in the router.
Options
none | (same as brief) Display information about all local digital certificates and corresponding public keys. |
brief | detail | (Optional) Display the specified level of output. |
certificate-id certificate-id-name | (Optional) Display information about only the specified the local digital certificate and corresponding public keys. |
system-generated | (Optional) Auto-generated self-signed certificate. |
Required Privilege Level
view
Output Fields
Table 1 lists the
output fields for the show security pki local-certificate
command. Output fields are listed in the approximate order in which
they appear.
Field Name |
Field Description |
Level of Output |
---|---|---|
Certificate identifier |
Name of the digital certificate. |
All levels |
Certificate version |
Revision number of the digital certificate. |
detail |
Serial number |
Unique serial number of the digital certificate. |
detail |
Issued by |
Authority that issued the digital certificate. |
none brief |
Issued to |
Device that was issued the digital certificate. |
none brief |
Issuer |
Authority that issued the digital certificate, including details of the authority organized using the distinguished name format. Possible subfields are:
|
detail |
Subject |
Details of the digital certificate holder organized using the distinguished name format. Possible subfields are:
|
detail |
Alternate subject |
Domain name or IP address of the device related to the digital certificate. |
detail |
Validity |
Time period when the digital certificate is valid. Values are:
|
All levels |
Public key algorithm |
Encryption algorithm used with the private key, such as rsaEncryption (1024 bits). |
All levels |
Public key verification status |
Public key verification status: Failed or Passed. The detail output also provides the verification hash. |
All levels |
Signature algorithm |
Encryption algorithm that the CA used to sign the digital certificate, such as sha1WithRSAEncryption. |
detail |
Fingerprint |
Secure Hash Algorithm (SHA1) and Message Digest 5 (MD5) hashes used to identify the digital certificate. |
detail |
Distribution CRL |
Distinguished name information and URL for the certificate revocation list (CRL) server. |
detail |
Use for key |
Use of the public key, such as Certificate signing, CRL signing, Digital signature, or Key encipherment. |
detail |
Sample Output
show security pki local-certificate
user@host> show security pki local-certificate Certificate identifier: local-entrust2 Issued to: router2.example.com, Issued by: juniper Validity: Not before: 2005 Nov 21st, 23:28:22 GMT Not after: 2008 Nov 21st, 23:58:22 GMT Public key algorithm: rsaEncryption(1024 bits) Public key verification status: Passed
show security pki local-certificate detail
user@host> show security pki local-certificate detail Certificate identifier: local-entrust3 Certificate version: 3 Serial number: 4355 94f9 Issuer: Organization: juniper, Country: us Subject: Organization: juniper, Country: us, Common name: router3.example.com Alternate subject: router3.example.com Validity: Not before: 2005 Nov 21st, 23:33:58 GMT Not after: 2008 Nov 22nd, 00:03:58 GMT Public key algorithm: rsaEncryption(1024 bits) Public key verification status: Passed fb:79:df:d4:a9:03:0f:d3:69:7e:c1:e4:27:35:9c:d9:b1:a2:47:78 d2:6d:f3:e5:f4:68:4f:b3:04:45:88:57:99:82:39:a6:51:9e:5f:42 23:3f:d7:6e:3d:a5:54:a9:b1:2d:6e:90:dd:12:8a:bf:ef:2b:20:50 ba:f0:da:d9:0c:ad:5e:d6:c6:98:3a:ae:3f:90:dd:94:78:c1:ea:2e 7c:f0:2d:d4:79:d4:cd:f0:52:df:5e:72:f2:e7:ae:66:f7:61:f4:bc 72:57:3e:6c:6d:d3:24:58:8b:f4:ef:da:2a:6a:fa:eb:98:f8:34:84 79:54:da:4f:d3:6f:52:1f Signature algorithm: sha1WithRSAEncryption Fingerprint: 61:3a:d0:b4:7a:16:9b:39:ba:81:3f:9d:ab:34:e5:c8:be:3b:a1:6d (sha1) 60:a0:ff:58:05:4a:65:73:9d:74:3a:e1:83:6f:1b:c8 (md5) Distribution CRL: C=us, O=juniper, CN=CRL1 http://CA-1/CRL/juniper_us_crlfile.crl Use for key: Digital signature
Release Information
Command introduced in Junos OS Release 7.5.