show security pki node-local local-certificate
Syntax
    show security pki node-local local-certificate
    <brief | detail>
    <certificate-id certificate-id-name | idev-id>
    <system-generated>
Description
Display information about the local digital certificates, corresponding public keys, and the automatically generated self-signed certificate configured on the local device in a Multinode High Availability setup.
Options
- none—Display basic information about all configured local digital certificates, corresponding public keys, and the automatically generated self-signed certificate.
- brief | detail—(Optional) Display the specified level of output.
- certificate-id certificate-id-name—(Optional) Display information about only the specified local digital certificates and corresponding public keys. Use idev-id as the certificate-id-name to display the TPM-based certificate on SRX1600, SRX2300, and SRX4300 Series Firewalls, which securely identifies your device.
- system-generated—Display information about the automatically generated self-signed certificate.
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show security pki node-local local-certificate command. Output fields are listed in the approximate order in which they appear.
| Field Name | Field Description |
|---|---|
| Certificate identifier | Name of the digital certificate. |
| Certificate version | Revision number of the digital certificate. |
| Serial number | Unique serial number of the digital certificate. Starting in Junos OS Release 20.1R1, the PKI local certificate serial number is displayed with 0x as a prefix to indicate that it is in hexadecimal format. Starting in Junos OS Release 21.4R1, you can view the serial number of the digital certificate in both hexadecimal and decimal formats. |
| Issued to | Device that was issued the digital certificate. |
| Issued by | Authority that issued the digital certificate. |
| Issuer | Authority that issued the digital certificate, including details of the authority organized using the distinguished name format. Possible subfields are: |
| LSYS | Name of the logical systems. |
| Subject | Details of the digital certificate holder organized using the distinguished name format. Possible subfields are: If the certificate contains multiple subfield entries, all entries are displayed. |
| Subject string | Subject field as it appears in the certificate. |
| | Domain name or IP address of the device related to the digital certificate. |
| | Starting in Junos OS Release 21.4R1, you can view the certificate chain for a given local certificate. |
| Validity | Time period when the digital certificate is valid. Values are: |
| Public key algorithm | Encryption algorithm used with the private key, such as |
| | Public key verification status: |
| Signature algorithm | Encryption algorithm that the CA used to sign the digital certificate, such as |
| Fingerprint | Secure Hash Algorithm ( Starting in Junos OS Release 21.4R1, you can also view the SHA-256 fingerprint for a local certificate along with SHA-1 and MD-5 fingerprints. |
| | Distinguished name information and URL for the certificate revocation list ( |
| | Use of the public key, such as |
Sample Output
- show security pki node-local local-certificate certificate-id hello
- show security pki node-local local-certificate system-generated
- show security pki node-local local-certificate system-generated detail
- show security pki node-local local-certificate certificate-id idev-id
show security pki node-local local-certificate certificate-id hello
    user@host> show security pki node-local local-certificate certificate-id cert-1234
    LSYS: root-logical-system
    Certificate identifier: cert-1234
      Issued to: tc5-5-1, Issued by: DC = Juniper, CN = root-551-AAA
      Validity:
        Not before: 10-14-2021 21:41 UTC
        Not after: 02-13-2026 14:27 UTC
      Public key algorithm: rsaEncryption(1024 bits)
      Keypair Location: Keypair generated locally
show security pki node-local local-certificate system-generated
    user@host> show security pki node-local local-certificate system-generated
    LSYS: root-logical-system
    Certificate identifier: system-generated
      Issued to: 4a505bb373d7, Issued by: CN = 4a505bb373d7, CN = system generated, CN = self-signed
      Validity:
        Not before: 07-12-2019 22:23 UTC
        Not after: 07-10-2024 22:23 UTC
      Public key algorithm: rsaEncryption(2048 bits)
      Keypair Location: Keypair generated locally
show security pki node-local local-certificate system-generated detail
    user@host> show security pki node-local local-certificate system-generated detail
    LSYS: root-logical-system
    Certificate identifier: system-generated
      Certificate version: 3
      Serial number:
        hexadecimal: 0x23171f4f104463e2847bc792c39eb614
        decimal: 46643037698975347221422984685160412692
      Issuer:
        Common name: 4a505bb373d7, Common name: system generated, Common name: self-signed
      Subject:
        Common name: 4a505bb373d7, Common name: system generated, Common name: self-signed
      Subject string:
        CN=4a505bb373d7, CN=system generated, CN=self-signed
      Validity:
        Not before: 07-12-2019 22:23 UTC
        Not after: 07-10-2024 22:23 UTC
      Public key algorithm: rsaEncryption(2048 bits)
        30:82:01:0a:02:82:01:01:00:d5:7e:5e:7a:15:90:e3:23:07:8e:e3
        4b:40:0e:95:33:31:8c:17:0b:d1:78:48:2e:b5:e8:cb:44:03:f1:fd
        00:57:af:e9:d9:2c:78:96:04:37:3c:4a:65:d9:f1:fb:72:14:7f:b2
        d3:42:d3:84:be:e8:c5:6c:e2:f5:91:8a:41:02:30:a7:8b:2f:10:5e
        ab:5e:4e:d7:d6:f1:e7:ad:e3:6c:16:8d:6b:3c:0e:11:e9:26:8a:38
        99:78:0a:57:67:cc:0a:ea:fa:35:2b:f3:51:4e:cc:30:ee:e9:a7:0a
        26:14:42:fc:1b:22:ec:2d:0c:3b:10:d5:fb:e3:e6:ae:c6:cc:e7:de
        0f:cf:4d:a7:87:11:e1:4e:7f:33:69:c0:16:4e:80:c8:57:b4:9a:f8
        90:15:d8:e6:3e:06:7a:1c:a3:34:91:92:a6:88:9f:14:f5:89:39:da
        0f:88:1c:b0:bd:7d:46:23:b2:42:e8:6f:d2:34:9e:f2:bd:00:34:23
        99:4e:bb:39:0e:e4:bb:b2:9b:53:02:36:30:10:b7:28:e3:c4:8c:0e
        4c:fd:cf:4f:58:81:72:91:b4:82:18:cf:ba:f6:76:59:f2:d5:36:e1
        3a:29:20:72:02:5b:26:45:6f:92:0c:8e:dc:6c:d4:1c:78:55:db:66
        3a:e9:9a:9c:81:02:03:01:00:01
      Signature algorithm: sha256WithRSAEncryption
      Fingerprint:
        0b:08:f8:bc:c6:a3:c1:41:75:2b:48:da:5d:a7:0f:d8:99:45:cd:8a (sha1)
        8a:1b:b9:79:19:c6:c3:88:05:a8:05:28:3c:f2:b0:e9 (md5)
        a3:9b:c1:c4:55:a8:f8:79:6f:a9:27:fc:f8:5a:af:45:37:dd:42:5f:2f:2b:bb:85:e3:f0:d7:99:9d:93:65:b1 (sha256)
show security pki node-local local-certificate certificate-id idev-id
    user@host> show security pki node-local local-certificate certificate-id idev-id
    LSYS: root-logical-system
    Certificate identifier: idev-id
      Issued to: SRX4300-CHAS, Issued by: C = US, ST = CA, L = Sunnyvale, O = Juniper Networks Inc., OU = Juniper CA, CN = InitialDeviceIDRSA2048CA
      Validity:
        Not before: 09- 7-2023 12:28 UTC
        Not after: 09- 7-2123 12:38 UTC
      Public key algorithm: rsaEncryption(2048 bits)
      Keypair Location: Keyppair generated locally
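The following is an added example, not part of the Juniper documentation: a Python sketch that parses output in the brief format shown above and flags certificates that are expired, close to expiry, or use an RSA key below a minimum size. The sample text is constructed from the outputs on this page; the function names, the 2048-bit minimum, and the 30-day warning window are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the brief output layout shown on this page.
SAMPLE = """\
Certificate identifier: cert-1234
  Validity:
    Not before: 10-14-2021 21:41 UTC
    Not after: 02-13-2026 14:27 UTC
  Public key algorithm: rsaEncryption(1024 bits)
Certificate identifier: idev-id
  Validity:
    Not before: 09- 7-2023 12:28 UTC
    Not after: 09- 7-2123 12:38 UTC
  Public key algorithm: rsaEncryption(2048 bits)
"""

# MM-DD-YYYY HH:MM UTC; single-digit days are space-padded ('09- 7-2023').
DATE = re.compile(r"(\d{1,2})-\s*(\d{1,2})-(\d{4}) (\d{2}):(\d{2}) UTC")

def parse_date(text):
    mo, d, y, h, mi = map(int, DATE.search(text).groups())
    return datetime(y, mo, d, h, mi, tzinfo=timezone.utc)

def parse_certs(output):
    """Split on 'Certificate identifier:' and extract the audited fields."""
    certs = []
    for block in re.split(r"(?m)^Certificate identifier:\s*", output)[1:]:
        key = re.search(r"Public key algorithm: (\w+)\((\d+) bits\)", block)
        certs.append({
            "id": block.splitlines()[0].strip(),
            "not_after": parse_date(re.search(r"Not after: (.+)", block).group(1)),
            "algorithm": key.group(1),
            "bits": int(key.group(2)),
        })
    return certs

def audit(certs, now, min_rsa_bits=2048, warn_days=30):
    """Return (certificate-id, finding) pairs; thresholds are assumptions."""
    findings = []
    for c in certs:
        if c["not_after"] <= now:
            findings.append((c["id"], "expired"))
        elif (c["not_after"] - now).days < warn_days:
            findings.append((c["id"], "expires soon"))
        if c["algorithm"] == "rsaEncryption" and c["bits"] < min_rsa_bits:
            findings.append((c["id"], "weak RSA key"))
    return findings
```

Pass `audit()` a timezone-aware `now`, because the validity timestamps are parsed as UTC.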
Release Information
Command modified in Junos OS Release 22.3R1.
Support for idev-id option added in Junos OS Release 24.2R1.