  • 1.  PKI - Error: Local Certificate doesn't exist

    Posted 09-02-2016 03:48

    Hello forum guys,

    Recently installed a MIC card for IPsec VPN services and tried to load a certificate - the CA loaded successfully:


    root# run request security pki generate-key-pair certificate-id INSTA_Tampere_CA_Level_L1a size 2048
    Generated key pair INSTA_Tampere_CA_Level_L1a, key size 2048 bits

    admin@MX-80-1-Feve3-Rack-21# run request security pki ca-certificate load ca-profile INSTA_Tampere_CA_Level_L1a filename /var/tmp/cert12224039.crt
    Fingerprint:
      2b:1d:cc:c0:11:90:2b:5d:df:9f:e5:83:76:9e:a5:28:2b:20:d1:56 (sha1)
      69:e1:d0:f6:78:9a:e9:34:38:29:20:92:38:44:f6:e0 (md5)
    Do you want to load this CA certificate ? [yes,no] (no) yes

    CA certificate for profile INSTA_Tampere_CA_Level_L1a loaded successfully

    root# run request security pki ca-certificate verify ca-profile INSTA_Tampere_CA_Level_L1a
    CA certificate INSTA_Tampere_CA_Level_L1a verified successfull

    However, I have a problem loading the local certificate:


    root# run request security pki local-certificate enroll ca-profile INSTA_Tampere_CA_Level_L1a certificate-id INSTA_Tampere_CA_Level_L1a challenge-password this_is_very_secret ip-address 10.42.131.130 subject CN=JuniperMX

    root# run request security pki crl load ca-profile INSTA_Tampere_CA_Level_L1a filename /var/tmp/currentcrl-13190.crl
    CRL for CA profile INSTA_Tampere_CA_Level_L1a loaded successfully

    admin@MX-80-1-Feve3-Rack-21# ...-certificate verify certificate-id INSTA_Tampere_CA_Level_L1a
    Error: Certificate INSTA_Tampere_CA_Level_L1a doesn't exist
    
    
    

    When I looked at the logs, I see the following:


    Sep  2 11:33:30 load_one_x509File, load one cert to hash
    Sep  2 11:33:30 count x509 object, type<2>
    Sep  2 11:33:30 Inside pkid_add_obj_to_lhash, retrieved obj type <2> from lhash just saved
    Sep  2 11:33:30 Inside pkid_add_obj_to_lhash, store obj type <2> to lhash, id <INSTA_Tampere_CA_Level_L1a>
    Sep  2 11:33:30 pkid_retrieve_obj_from_lhash, try retrieve obj from lhash type <2> for id <INSTA_Tampere_CA_Level_L1a>
    Sep  2 11:33:30 pkid_retrieve_obj_from_lhash, retrieved obj from lhash for id <INSTA_Tampere_CA_Level_L1a>
    Sep  2 11:33:30 pkid_retrieve_obj_from_lhash, try retrieve obj from lhash type <2> for id <INSTA_Tampere_CA_Level_L1a>
    Sep  2 11:33:30 pkid_retrieve_obj_from_lhash, retrieved obj from lhash for id <INSTA_Tampere_CA_Level_L1a>
    Sep  2 11:33:30 pkid_retrieve_obj_from_lhash, try retrieve obj from lhash type <2> for id <INSTA_Tampere_CA_Level_L1a>
    Sep  2 11:33:30 pkid_retrieve_obj_from_lhash, retrieved obj from lhash for id <INSTA_Tampere_CA_Level_L1a>
    Sep  2 11:33:30 pkid_save_obj_to_file, save to </var/db/certs/common/crl/INSTA_Tampere_CA_Level_L1a.crl>
    Sep  2 11:33:31 pkid_retrieve_obj_from_lhash, try retrieve obj from lhash type <2> for id <INSTA_Tampere_CA_Level_L1a>
    Sep  2 11:33:31 pkid_retrieve_obj_from_lhash, retrieved obj from lhash for id <INSTA_Tampere_CA_Level_L1a>
    Sep  2 11:33:31 pkid_load_crl: Checking for REVOKED-CERTS for CA INSTA_Tampere_CA_Level_L1a
    Sep  2 11:33:33 checkLdapResponse
    Sep  2 11:35:14 Inside pkid_request_security_pki_local_cert_verify, pid<6956>
    Sep  2 11:35:14 pkid_request_security_pki_local_cert_verify, key</var/db/certs/common/key-pair/INSTA_Tampere_CA_Level_L1a.priv> cert</var/db/certs/common/local/INSTA_Tampere_CA_Level_L1a.cert>
    Sep  2 11:35:14 pkid_retrieve_obj_from_lhash, try retrieve obj from lhash type <2> for id <INSTA_Tampere_CA_Level_L1a>
    Sep  2 11:35:14 pkid_retrieve_obj_from_lhash, error retrieve obj from lhash for id <INSTA_Tampere_CA_Level_L1a>
    Sep  2 11:35:14 pkid_verify_certificate_chain: error retrieve cert <INSTA_Tampere_CA_Level_L1a> from lhash
    Sep  2 11:35:14 Cannot allocate data structure to verify certificate.
    
    Sep  2 11:35:14 pkid_request_security_pki_local_cert_verify, error verify local cert id<INSTA_Tampere_CA_Level_L1a>
    Sep  2 11:36:33 ldapT100Expire
    

    Have I missed something?



  • 2.  RE: PKI - Error: Local Certificate doesn't exist
    Best Answer

    Posted 09-05-2016 22:24

    Solved. I forgot to add the auto-enrolment section in PKI. After I added that section I did:


    	> clear security pki crl all 
    	> clear security pki local-certificate all 
    	> clear security pki certificate-request all 
    	> clear security pki ca-certificate all 
    	> clear security pki key-pair all
    	> restart pki-service
    

    and I did the whole procedure from the beginning.
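
An added triage example (not part of either post, and not Juniper tooling): it scans a pkid trace like the one in the first post and, for each local-certificate verify request, reports whether the trace ever shows that certificate file being written and which lhash lookups failed. The regular expressions assume the line formats exactly as quoted in the post, the sample is constructed from five of those lines, and a missing write is only a hint because the trace may start after the file was saved.

```python
import re

# Constructed sample: five lines copied from the pkid trace quoted in the first post.
SAMPLE_TRACE = """\
Sep  2 11:33:30 Inside pkid_add_obj_to_lhash, store obj type <2> to lhash, id <INSTA_Tampere_CA_Level_L1a>
Sep  2 11:33:30 pkid_save_obj_to_file, save to </var/db/certs/common/crl/INSTA_Tampere_CA_Level_L1a.crl>
Sep  2 11:35:14 pkid_request_security_pki_local_cert_verify, key</var/db/certs/common/key-pair/INSTA_Tampere_CA_Level_L1a.priv> cert</var/db/certs/common/local/INSTA_Tampere_CA_Level_L1a.cert>
Sep  2 11:35:14 pkid_retrieve_obj_from_lhash, error retrieve obj from lhash for id <INSTA_Tampere_CA_Level_L1a>
Sep  2 11:35:14 pkid_verify_certificate_chain: error retrieve cert <INSTA_Tampere_CA_Level_L1a> from lhash
"""

# Patterns are assumptions based only on the lines shown in the post.
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (.*)$")
SAVE = re.compile(r"pkid_save_obj_to_file, save to <([^>]+)>")
VERIFY = re.compile(r"pkid_request_security_pki_local_cert_verify, key<([^>]+)> cert<([^>]+)>")
FAIL = re.compile(r"error retrieve (?:obj|cert) .*?<([^>]+)>")


def triage(trace):
    """Return one finding per local-certificate verify request in the trace."""
    saved, findings = set(), []
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or wrapped line
        when, msg = m.groups()
        if (s := SAVE.search(msg)):
            saved.add(s.group(1))  # file pkid reported writing
        elif (v := VERIFY.search(msg)):
            findings.append({
                "time": when,
                "key": v.group(1),
                "cert": v.group(2),
                # True only if an earlier line shows this exact file being saved
                "cert_saved_in_trace": v.group(2) in saved,
                "failed_ids": [],
            })
        elif (f := FAIL.search(msg)) and findings:
            # attach failed lookups to the most recent verify request
            if f.group(1) not in findings[-1]["failed_ids"]:
                findings[-1]["failed_ids"].append(f.group(1))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_TRACE):
        hint = "written earlier in trace" if f["cert_saved_in_trace"] else "never written in trace"
        print(f"{f['time']} verify {f['cert']}: {hint}; failed lookups: {f['failed_ids']}")
```

On the sample, the only file the trace shows being saved is the CRL, so the verify request points at a local certificate path that no earlier line reports writing.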