Security
Security

How is the public key of a key pair bound to, or deleted from, a certificate request?

by Juniper Employee on ‎01-26-2016 08:02 AM - edited on ‎09-22-2017 03:44 PM by Administrator Administrator (968 Views)

Question

How is the public key of a key pair bound to, or deleted from, a certificate request?

Answer

When generating a new key pair, you must specify a certificate-ID. This certificate-ID is also used for the certificate request and again when the local certificate is loaded. To completely delete a certificate request and key pair, enter the following CLI operational mode command:

 

clear security pki

 

Two clear operations are needed: one to clear the certificate request, and another to clear the key pair.

 

When deleting a certificate request and key pair, the software does not delete both the certificate and the key pair simultaneously. This allows some administrators the ability to keep the same key pair and use a new certificate with them. You can delete the old certificate without destroying the old key pair.

 

For more information, see Understanding Certificates and PKI