Table of Contents
Advertisement
JUNOSe 11.0.x IP Services Configuration Guide
show ipsec certificates
show ike certificates
NOTE: The show ike certificates command has been replaced by the show ipsec
certificates command and may be removed completely in a future release.
238
Monitoring Digital Certificates and Public Keys
retry limit Number of minutes during which the router continues to send
a certificate request to the CA
crl setting Setting that controls how the router checks the certificate
revocation lists
proxy url HTTP proxy server used to retrieve the root CA certificate, if any
Example
host1#show ipsec ca identity mysecureca1
CA: mysecureca1 parameters:
enrollment url:http://192.168.10.124/scepurl
issuer id
:BetaSecurityCorp
retry period
:1
retry limit
:60
crl setting
:optional
proxy url
:
See show ipsec ca identity.
Use to display the IKE certificates and CRLs on the router. Specify the type of
certificate you want to display:
all All certificates configured on the router
crl Certificate revocation lists
peer Peer certificates
public-certs Public certificates
root-cas Root CA certificates
Use the hex-format keyword to display certificate data, such as serial numbers,
in hexadecimal format. Doing so allows easier comparison with CAs, such as
Microsoft, that display certificates in hexadecimal format.
Field descriptions
Ca identity Certificate authority that the router uses to generate certificate
requests
SubjectName Distinguished name for the certificate
IssuerName Organization that signed and issued the certificate
SerialNumber Unique serial number assigned to the certificate by the CA
Advertisement
Table of Contents
