request security pki ca-certificate verify (Security)
Syntax
request security pki ca-certificate verify ca-profileca-profile-name
Description
Verify the digital certificate installed for the specified certificate authority (CA).
Options
ca-profile ca-profile-name —Display
the specified CA profile.
Required Privilege Level
maintenance and security
Output Fields
When you enter this command, you are provided feedback on the status of your request.
Sample Output
- request security pki ca-certificate verify ca-profile ca1 (CRL downloaded)
- request security pki ca-certificate verify ca-profile ca1 (CRL not downloaded)
- request security pki ca-certificate verify ca-profile Root-CA (Verify enrolled CA certificate validity status on MX240, MX480, MX960, SRX Series Firewalls and vSRX Virtual Firewall)
- request security pki ca-certificate verify ca-profile Root-CA (Verify enrolled CA certificate present in MX240, MX480, MX960, SRX Series Firewalls and vSRX Virtual Firewall)
- request security pki ca-certificate verify ca-profile CSO_37 (Verify local certificate status when the CA is unreachable for MX240, MX480, MX960, SRX Series Firewalls and vSRX Virtual Firewall)
request security pki ca-certificate verify ca-profile ca1 (CRL downloaded)
This user has downloaded the certificate revocation list (CRL).
user@host> request security pki ca-certificate verify ca-profile ca1 CA certificate ca1 verified successfully
request security pki ca-certificate verify ca-profile ca1 (CRL not downloaded)
This user has not downloaded the certificate revocation list (CRL).
user@host> request security pki ca-certificate verify ca-profile ca1 CA certificate ca1: CRL verification in progress. Please check the PKId debug logs for completion status
request security pki ca-certificate verify ca-profile Root-CA (Verify enrolled CA certificate validity status on MX240, MX480, MX960, SRX Series Firewalls and vSRX Virtual Firewall)
You receive the following response when the CA certificate verification is failed. In this sample, the CA certificate verification is failed due to invalid CA certificate:
user@host> request security pki ca-certificate verify ca-profile Root-CA CA certificate Root-CA verification failed. CA cert is not valid untill <05-19-2021 08:05>
request security pki ca-certificate verify ca-profile Root-CA (Verify enrolled CA certificate present in MX240, MX480, MX960, SRX Series Firewalls and vSRX Virtual Firewall)
You receive the following response when the CA certificate is missing:
user@host> request security pki ca-certificate verify ca-profile Root-CA CA cert Root-CA Verification Failed. CA cert is missing
request security pki ca-certificate verify ca-profile CSO_37 (Verify local certificate status when the CA is unreachable for MX240, MX480, MX960, SRX Series Firewalls and vSRX Virtual Firewall)
You receive the following response when a CA is not reachable or CRL download has failed:
user@host> request security pki ca-certificate verify ca-profile CSO_37 CA certificate CSO_37 Verification Failed. Unreachable CA or CRL Download Failed
Release Information
Command introduced in Junos OS Release 8.5.