Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 Configuration Manual page 255

show ipsec certificates
show ike certificates
Copyright © 2010, Juniper Networks, Inc.
Use to display information about IKE CA identities used by the router for online digital
certificate configuration. You can display information for a specific CA or for all CAs
configured on the router.
Field descriptions
CA—Certificate authority that the router uses to generate certificate requests
enrollment url—URL of the SCEP server where the router sends certificate requests
issuer id—Name of the CA issuer providing the digital certificates
retry period—Number of minutes that the router waits after receiving no response
from the CA before resending a certificate request
retry limit—Number of minutes during which the router continues to send a certificate
request to the CA
crl setting—Setting that controls how the router checks the certificate revocation
lists
proxy url—HTTP proxy server used to retrieve the root CA certificate, if any
Example
host1#show ipsec ca identity mysecureca1
CA: mysecureca1 parameters:
enrollment url:http://192.168.10.124/scepurl
issuer id :BetaSecurityCorp
retry period :1
retry limit :60
crl setting :optional
proxy url :
See show ipsec ca identity.
NOTE: The show ike certificates command has been replaced by the show
ipsec certificates command and may be removed completely in a future
release.
Use to display the IKE certificates and CRLs on the router. Specify the type of certificate
you want to display:
all—All certificates configured on the router
crl—Certificate revocation lists
peer—Peer certificates
Chapter 8: Configuring Digital Certificates
229