show security pki node-local local-certificate

Syntax

Description

Display information about the local digital certificates, corresponding public keys, and the automatically generated self-signed certificate configured on the local device in a Multinode High Availability setup.

Options

  • none—Display basic information about all configured local digital certificates, corresponding public keys, and the automatically generated self-signed certificate.

  • brief | detail—(Optional) Display the specified level of output.

  • certificate-id certificate-id-name —(Optional) Display information about only the specified local digital certificates and corresponding public keys.

    Use idev-id as the certificate-id-name to display the TPM-based certificate that securely identifies your device on SRX1600, SRX2300, and SRX4300 Series Firewalls.

  • system-generated—Display information about the automatically generated self-signed certificate.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show security pki node-local local-certificate command. Output fields are listed in the approximate order in which they appear.

Table 1: show security pki node-local local-certificate Output Fields

Field Name

Field Description

Certificate identifier

Name of the digital certificate.

Certificate version

Revision number of the digital certificate.

Serial number

Unique serial number of the digital certificate. Starting in Junos OS Release 20.1R1, the PKI local certificate serial number is displayed with a 0x prefix to indicate that the serial number is in hexadecimal format.

Starting in Junos OS Release 21.4R1, you can view the serial number of the digital certificate in both hexadecimal and decimal formats.

Issued to

Device that was issued the digital certificate.

Issued by

Authority that issued the digital certificate.

Issuer

Authority that issued the digital certificate, including details of the authority organized using the distinguished name format. Possible subfields are:

  • Organization—Organization of origin.

  • Organizational unit—Department within an organization.

  • Country—Country of origin.

  • Locality—Locality of origin.

  • Common name—Name of the authority.

LSYS

Name of the logical system.

Subject

Details of the digital certificate holder organized using the distinguished name format. Possible subfields are:

  • Organization—Organization of origin.

  • Organizational unit—Department within an organization.

  • Country—Country of origin.

  • Locality—Locality of origin.

  • Common name—Name of the authority.

  • Serial number—Serial number of the device.

If the certificate contains multiple subfield entries, all entries are displayed.

Subject string

Subject field as it appears in the certificate.

Alternate subject

Domain name or IP address of the device related to the digital certificate.

Cert-Chain

Starting in Junos OS Release 21.4R1, you can view the certificate chain for a given local certificate.

Validity

Time period when the digital certificate is valid. Values are:

  • Not before—Start time when the digital certificate becomes valid.

  • Not after—End time when the digital certificate becomes invalid.

Public key algorithm

Encryption algorithm used with the private key, such as rsa Encryption(1024 bits).

Public key verification status

Public key verification status: Failed or Passed. The detail output also provides the verification hash.

Signature algorithm

Encryption algorithm that the CA used to sign the digital certificate, such as sha1WithRSAEncryption.

Fingerprint

Secure Hash Algorithm (SHA1) and Message Digest 5 (MD5) hashes used to identify the digital certificate.

Starting in Junos OS Release 21.4R1, you can also view the SHA-256 fingerprint for a local certificate along with the SHA-1 and MD5 fingerprints.

Distribution CRL

Distinguished name information and URL for the certificate revocation list (CRL) server.

Use for key

Use of the public key, such as Certificate signing, CRL signing, Digital signature, or Data encipherment.
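The Serial number and Fingerprint fields can be checked against a copy of the certificate obtained out of band, for example from the issuing CA. The following is an added example, not Juniper code: it reads the serial number from a DER-encoded certificate, prints it in the 0x-prefixed hexadecimal and decimal forms, and computes the conventional fingerprints (hashes of the DER encoding). The function names and the sample bytes are assumptions made for illustration, and the colon-separated fingerprint layout is this example's choice, so the comparison helper ignores separators and case.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def certificate_serial(der):
    """Pull serialNumber out of Certificate -> tbsCertificate (RFC 5280 layout)."""
    tag, cert, _ = read_tlv(der, 0)
    tag2, tbs, _ = read_tlv(cert, 0)
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not a DER certificate")
    tag, value, nxt = read_tlv(tbs, 0)
    if tag == 0xA0:                        # optional [0] EXPLICIT version comes first
        tag, value, _ = read_tlv(tbs, nxt)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    return int.from_bytes(value, "big", signed=True)

def fingerprint(der, algorithm):
    """Hash of the whole DER encoding, as colon-separated lowercase hex."""
    digest = hashlib.new(algorithm, der, usedforsecurity=False).digest()
    return ":".join(f"{b:02x}" for b in digest)

def summarize(der):
    serial = certificate_serial(der)
    return {"serial_hex": f"0x{serial:x}", "serial_dec": str(serial),
            "sha256": fingerprint(der, "sha256"),
            "sha1": fingerprint(der, "sha1"), "md5": fingerprint(der, "md5")}

def same_fingerprint(displayed, computed):
    """Compare fingerprints regardless of case, colons, spaces or line breaks."""
    norm = lambda s: "".join(c for c in s.lower() if c in "0123456789abcdef")
    return norm(displayed) == norm(computed)

# Constructed skeleton (version, serial, padding only), not a real certificate.
_TBS = bytes.fromhex("a003020102" "020500a1b2c3d4" "0481c8") + bytes(200)
SAMPLE_DER = bytes.fromhex("3081da" "3081d7") + _TBS

if __name__ == "__main__":
    for field, value in summarize(SAMPLE_DER).items():
        print(f"{field}: {value}")
```

Compare serial numbers by value rather than as strings, and prefer the SHA-256 fingerprint where the release displays it, since MD5 and SHA-1 are not collision resistant.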

Sample Output

show security pki node-local local-certificate certificate-id hello

show security pki node-local local-certificate system-generated

show security pki node-local local-certificate system-generated detail

show security pki node-local local-certificate certificate-id idev-id

Release Information

Command modified in Junos OS Release 22.3R1.

Support for idev-id option added in Junos OS Release 24.2R1.