pki
Syntax
pki {
auto-re-enrollment;
ca-profile ca-profile-name;
default-trusted-ca-certs (Security);
traceoptions;
trusted-ca-group trusted-ca-group-name {
ca-profiles ca-profiles;
}
}
Hierarchy Level
[edit security]
Description
Configure an IPsec profile and related options to request digital certificates. The Public Key Infrastructure (PKI) provides an infrastructure for digital certificate management.
You can use ‘trusted-ca’ option to specify ca-profiles that are trusted by the NTS clients. You can specify a trusted ca-group (defined under PKI) or ca-profile by name. This configuration is optional and if it is not specified then, NTP trusts all loaded ca-profiles for NTS. Only client can configure trusted-ca options.
Options
| auto-re-enrollment |
Configure the automatic reenrollment of a local end-entity (EE) certificate. |
||
| ca-profile ca-profile-name |
Configure certificate authority (CA) profile. |
||
| default-trusted-ca-certs |
Configure automatic download of default trusted CA certificates. |
||
| traceoptions |
Configure public key infrastructure (PKI) tracing options. |
||
| trusted-ca-group trusted-ca-group-name |
Configure trusted certificate authority group.
|
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement modified in Junos OS Release 8.5.
default-trusted-ca-certs option is added in Junos OS Release
23.2R1.