ca-profile (Security PKI)

Name of a trusted CA.

Specify an administrator e-mail address to which the certificate request is sent. By default, there is no preset e-mail address.

Specify the certificate authority (CA) identity to use in requesting digital certificates. This name is typically the domain name of the CA.

Specify the enrollment parameters for a certificate authority (CA).

Use specified proxy server. If proxy profile is configured in CA profile, the device connects to the proxy host instead of the CA server while certificate enrollment, verification or revocation. The proxy host communicates with the CA server with the requests from the device, and then relay the response to the device.

Public key infrastructure (PKI) uses proxy profile configured at the system-level. The proxy profile being used in the CA profile must be configured at the [edit services proxy] hierarchy. There can be more than one proxy profile configured under [edit services proxy] hierarchy. Each CA profile is referred to the most one such proxy profile. You can configure host and port of the proxy profile at the [edit system services proxy] hierarchy.

Specify the method the device uses to verify the revocation status of digital certificates.

Specify the routing-instance to be used.

Specifies a source IPv4 or IPv6 address to be used instead of the IP address of the egress interface for communications with external servers. External servers are used for certificate enrollment and reenrollment using Simple Certificate Enrollment Protocol (SCEP) or Certificate Management Protocol version 2 (CMPv2), downloading certificate revocation lists (CRLs) using HTTP or LDAP, or checking certificate revocation status with Online Certificate Status Protocol (OCSP). If this option is not specified then the IP address of the egress interface is used as the source address.