How to generate a PKCS10 certificate request on a J Series or SRX Series device
Обновлено 01.08.2016
![Juniper](/wp-content/uploads/2015/01/Juniper.png)
Juniper
SUMMARY:
PROBLEM OR GOAL:
SOLUTION:
To request a PKI X.509 certificate follow the steps below using CLI:
1. Create a CA profile in security > pki hierarchy.Syntax:
Example:
2. Generate a key pair.
request security pki generate-key-pair certificate-id <cert-id-name> size <size>
- Size Possible completions:
- 1024 1024 bits
- 2048 2048 bits
- 512 512 bits
Example:
3. Generate PKCS #10 certificate request. You can either specify a filename or copy and paste the certificate request information (highlighted in RED below) directly in email to your CA.
Generated key pair ms-cert, key size 1024 bits
request security pki generate-certificate-request certificate-id <cert-id-name> subject "subject-details" [ip-address | domain-name | email ] [filename]
- where "subject-details" format is "DC=<Domain-Component>,CN=<Common-Name>,OU=<Organizational-Unit-name>,O=<Organization-name>,L=<Locality>,ST=<state>,C=<Country>"
Example:
root@CORPORATE> request security pki generate-certificate-request certificate-id ms-cert subject "CN=John Doe,OU=Sales,O=Juniper Networks,L=Sunnyvale,ST=CA,C=US" ip-address 172.19.51.162
Generated certificate request
-----BEGIN CERTIFICATE REQUEST-----
MIIBzjCCATcCAQAwbDERMA8GA1UEAxMISm9obiBEb2UxDjAMBgNVBAsTBVNhbGVz
MRkwFwYDVQQKExBKdW5pcGVyIE5ldHdvcmtzMRIwEAYDVQQHEwlTdW5ueXZhbGUx
CzAJBgNVBAgTAkNBMQswCQYDVQQGEwJVUzCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
gYkCgYEA2oEJhU3bkXuL3r+Bpj3fr5A1NqgL7kd7JAUjavcQYq93tjEGKdcCGSVn
7zOjiuc8uNCk8SqZuyVWjHULeACUjnMs/N134egkl0oDtiEuU9ZStDT6yxbseD3d
/JnTh2TR1EEUCTQPMPJEce0szXXJnRHXp4pwYk3CRHNAEOoQCikCAwEAAaAiMCAG
CSqGSIb3DQEJDjETMBEwDwYDVR0RBAgwBocErBMzojANBgkqhkiG9w0BAQUFAAOB
gQDHUEx0VBDYHj/QgEy4ponzlJNSMKwtZpwARsAfjH4yp2BGpwBPToVwXlDzdKSb
cJKG4qwzQCsQH7CAav2j7EFDX1kdx7DZ2HbpyTPZEnIgio674aIc15jLm1VPDGdu
ZT6Gjt1QiHOC4MVSsdIKKcALYcaFtZOYX5PGqE1SMFUTFg==
-----END CERTIFICATE REQUEST-----
Fingerprint:
07:09:4c:0d:fe:5a:51:fc:1b:f0:da:98:0a:3f:bf:64:2f:a8:dd:14 (sha1)
54:09:9e:96:06:6f:fc:21:c4:e7:e2:13:5f:b4:08:77 (md5)
Certificate identifier: ms-cert
Certificate version: 1
Issued to: CN = John Doe, OU = Sales, O = Juniper Networks, L = Sunnyvale, ST = CA, C = US
Public key algorithm: rsaEncryption(1024 bits)
30:81:89:02:81:81:00:da:81:09:85:4d:db:91:7b:8b:de:bf:81:a6
3d:df:af:90:35:36:a8:0b:ee:47:7b:24:05:23:6a:f7:10:62:af:77
b6:31:06:29:d7:02:19:25:67:ef:33:a3:8a:e7:3c:b8:d0:a4:f1:2a
99:bb:25:56:8c:75:0b:78:00:94:8e:73:2c:fc:dd:77:e1:e8:24:97
4a:03:b6:21:2e:53:d6:52:b4:34:fa:cb:16:ec:78:3d:dd:fc:99:d3
87:64:d1:d4:41:14:09:34:0f:30:f2:44:71:ed:2c:cd:75:c9:9d:11
d7:a7:8a:70:62:4d:c2:44:73:40:10:ea:10:0a:29:02:03:01:00:01
Fingerprint:
3d:41:7f:84:9a:3b:11:6e:7e:f2:9d:10:d5:33:fe:8c:16:fd:c2:a9 (sha1)
71:a2:36:ba:6a:90:b9:16:ac:66:48:b0:cf:d3:58:24 (md5)
4. Send certificate request to your Certificate Authority (CA). Your CA will generate your local certificate and CA certificate.
Популярные Похожие записи:
Не видятся все шаблоны в Enable Certificate Templates
Ошибка certificate chain processed corrently 0x800b0112
Ошибка the rpc server is unavailable 0x800706ba на CA Active Directory
Ошибка 0xC000018C An Error occured during Logon
Как обновить сертификат на WAP и ADFS серверах
Ошибка активации 0xC004F034 на KMS сервере
Добавить комментарий