Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 Configuration Manual page 249

ipsec key generate
ipsec key zeroize
issuer-identifier
Copyright © 2010, Juniper Networks, Inc.
host1(config)#ipsec isakmp-policy-rule 3
host1(config-ike-policy)#
Use the no version to remove policies. If you do not include a priority number with the
no version, all policies are removed.
NOTE: This command has been replaced by "ipsec ike-policy-rule" on
page 217 and may be removed completely in a future release.
See ipsec isakmp-policy-rule.
Use to generate RSA key pairs. Include a length of either 1024 or 2048 bits. The
generated keys can be used only after the CA issues a certificate for them.
Example
host1(config)#ipsec key generate rsa 2048
Please wait.................................................
..........................
IPsec Generate Keys complete
There is no no version. To remove a key pair, use the ipsec key zeroize command.
See ipsec key generate.
Use to delete RSA key pairs. Include one of the following keywords:
rsa—Removes the RSA key pair from the router
pre-share—Removes all preshared keys from the router
all—Removes all keys within the VR context from the router
Example
host1(config)#ipsec key zeroize rsa
There is no no version.
See ipsec key zeroize.
Use to specify the name of the CA issuer for online digital certificate configuration. The
identifier and the enrollment URL specified by the enrollment url command are used
together to create the CA authentication requests.
Example
host1(config-ca-identity)#issuer-identifier BetaSecurityCorp
Use the no version to remove the name from the configuration.
See issuer-identifier.
Chapter 8: Configuring Digital Certificates
223