Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

default-trusted-ca-certs (Security)

Syntax

Hierarchy Level

Description

Dynamic update of trusted CA bundle requires -

  • Downloading of trusted CA bundle from Juniper Networks security website, https://signatures.juniper.net/cacert or a custom URL.

  • Uploading trusted CA bundle to PKI.

  • Periodic polling of trusted CA bundle.

This functionality is configured using the statement default-trusted-ca-certs.

Options

automatic-download

Sets automatic download of CA certs configuration.
deactivate

Disables automatic download of default CA certs.

Use this option when automatic download is configured and you plan to disable it.
interval

Specify default trusted CA certs automatic download interval.

  • Value:

    • hours—Specify a value between 1-336 hours.

  • Default:

    • If nothing is specified, it considers 24 hours as the interval.
routing-instance

Specify a routing instance for trusted CA cert download. Use this option to configure non-default routing instance.

  • Value:

    • routing-instance-name. Example: R1
url

Specify HTTP URL for OCSP (Online Certificate Status Protocol) access location. This option sets the base URL for downloading trusted CA certs.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 23.2R1.

Related Documentation