request security pki ca-certificate ca-profile-group load
Syntax
request security pki ca-certificate ca-profile-group load ca-group-name ca-group-name filename [path/filename | default]
Description
For SSL forward proxy, you need to load trusted CA certificates on your system. By default, Junos OS provides a list of trusted CA certificates that include default certificates used by common browsers. Alternatively, you can define your own list of trusted CA certificates and import them on to your system.
Use this command to load the default certificates or to specify a path and filename of trusted CA certificates that you define.
The default
option is not supported on MX204, MX240, MX304, MX 480,
MX960, MX2008, MX2010, MX 2020, MX10004, MX10008, PTX10003-80C, PTX10003-160C, and
PTX10008 routers.
Starting in Junos OS Release 21.4R1, you can get the status of CA certificates configured under default CA profile group by executing request security pki ca-profile-group-status command . With request security pki ca-profile-group-status command, you can verify the number of CA certificates loaded and number of CA certificates missing within a CA profile group.
Starting in Junos OS Release 23.2R1, when you configure dynamic update of trusted CA bundle using the statement default-trusted-ca-certs (Security), the process of loading the default trusted CA certificates happens in the background. During this process, PKID response might slowdown for few minutes.
Options
ca-group-name ca-group-name | Load the specified CA group profile. |
filename path/filename | Directory location and filename of the trusted CA certificates defined by you. |
filename default | Load the trusted CA certificates available by default. |
Required Privilege Level
maintenance
Output Fields
When you enter this command, you are provided feedback on the status of your request.
Sample Output
request security pki ca-certificate ca-profile-group load (default)
user@host> request security pki ca-certificate ca-profile-group load ca-group-name ca-default filename default Loading of certs started Loading of <no-of-certs> trusted CA certs started in the background. PKID response might be slow for next several minutes.
Sample Output
request security pki ca-certificate ca-profile-group load (path/filename)
user@host> request security pki ca-certificate ca-profile-group load ca-group-name ca-manual filename /var/tmp/firefox-all.pem Do you want to load this CA certificate ? [yes,no] (no) yes Loading 196 certificates for group 'ca-manual'. ca-manual_1_sysgen: Loading done. ca-manual_2_sysgen: Loading done. ca-manual_3_sysgen: Loading done. ca-manual_4_sysgen: Loading done. ca-manual_5_sysgen: Loading done. ca-manual_6_sysgen: Loading done. ... ca-manual_195_sysgen: Loading done. ca-manual_196_sysgen: Loading done. ca-profile-group 'ca-manual’ successfully loaded. Success[193] Skipped[3]
Release Information
Command introduced in Junos OS Release
12.1; default
option added in Junos OS Release 12.1X47-D10.