Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

show services ssl certificate

Syntax

Description

Display information about the SSL certificates available on the device.

Note:

When the CLI is in logical system context mode and you enter an operational-mode command, the output of the command displays information related to the logical system only.

Options

all

Display information about all SSL certificates.
brief

Display brief information about SSL certificate.
detail

Display detail information about SSL certificates.
pic-info fpc-slot slot number pic-slot slot-number

Display the information for the FPC in the specified slot.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show services ssl certificate command. Output fields are listed in the approximate order in which they appear.

Table 1: show services ssl certificate Output Fields

Field Name

Field Description

Level of Output

CertID

Name of the local digital certificate.

all, brief, detail

Certificate Type

Type of certificate. That is—Signing certificate (LOCAL-CERT) which is used to sign other certificates or it is CA-CERT used to verify other certificates in context of SSL-proxy.

brief, detail

cert modify time

Indicates the time when the certificate data was last modified.

detail

key modify time

Indicates the time when the certificate key was last modified (displayed in local certificate only).

detail

certificate version

Version of the digital certificate.

detail

Serial number

Unique serial number of the digital certificate.

detail

Issuer

Authority that issued the digital certificate, including details of the authority organized using the distinguished name format. Possible subfields are:

  • C—Country of origin.

  • ST—State or province name.

  • L—Locality.

  • O—Organization of origin.

  • OU—Organizational unit.

  • CN—Common name of the authority.

  • emailAddress—Common name of the authority.

brief, detail

Subject

Details of the digital certificate holder organized using the distinguished name format. Possible subfields are:

  • C—Country of origin.

  • ST—State or province name.

  • L—Locality.

  • O—Organization of origin.

  • OU—Organizational unit.

  • CN—Common name of the authority.

  • emailAddress—Common name of the authority.

brief, detail

validity

Validity of the certificate (displayed in local certificate only). It includes:

  • not before—Start time when the digital certificate becomes valid.

  • not after—End time when the digital certificate becomes invalid.

detail

Public Key algorithm

Encryption algorithm used with the private key, such as rsaEncryption (1024 bits).

brief, detail

Signature algorithm

Encryption algorithm that the CA used to sign the digital certificate, such as sha1WithRSAEncryption.

detail

CRL

Certificate revocation list related information (displayed for CA certificates only). It includes:

  • present—list of digital certificates that have been revoked before their expiration date are present or not.

  • check—CRL check status: enabled or disabled.

  • download-failed—Indicates the download status of the certificate revocation list.

  • check-on-download-fail—Indicates checking of the certificates against the local CRL file is enabled when the CRL download fails.

detail

Sample Outputs

show services ssl certificate all

command-name

command-name

show services ssl certificate detail (Local Certificate)

show services ssl certificate detail (CA Certificate)

Release Information

Command introduced in Junos OS Release 19.3R1.

Related Documentation