Symptoms:
root@fw-SRX1-2> show security pki ca-certificate detail node1:--------------------------------------------------------------------------
Certificate identifier: G5 Certificate version: 3 Serial number: 250ce8e030612e9f2b89f7054d7cf8fd Issuer: Organization: "VeriSign, Organizational unit: Class 3 Public Primary Certification Authority, Country: US Subject: Organization: "VeriSign, Organizational unit: VeriSign Trust Network, Organizational unit: "(c) 2006 VeriSign, Country: US, Common name: VeriSign Class 3 Public Primary Certification Authority - G5 Subject string: C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 2006 VeriSign, Inc. - For authorized use only", CN=VeriSign Class 3 Public Primary Certification Authority - G5 Validity: Not before: 11- 8-2006 00:00 UTC Not after: 11- 7-2021 23:59 UTC Public key algorithm: rsaEncryption(2048 bits) 30:82:01:0a:02:82:01:01:00:af:24:08:08:29:7a:35:9e:60:0c:aa e7:4b:3b:4e:dc:7c:bc:3c:45:1c:bb:2b:e0:fe:29:02:f9:57:08:a3 64:85:15:27:f5:f1:ad:c8:31:89:5d:22:e8:2a:aa:a6:42:b3:8f:f8 b9:55:b7:b1:b7:4b:b3:fe:8f:7e:07:57:ec:ef:43:db:66:62:15:61 cf:60:0d:a4:d8:de:f8:e0:c3:62:08:3d:54:13:eb:49:ca:59:54:85 26:e5:2b:8f:1b:9f:eb:f5:a1:91:c2:33:49:d8:43:63:6a:52:4b:d2 8f:e8:70:51:4d:d1:89:69:7b:c7:70:f6:b3:dc:12:74:db:7b:5d:4b 56:d3:96:bf:15:77:a1:b0:f4:a2:25:f2:af:1c:92:67:18:e5:f4:06 04:ef:90:b9:e4:00:e4:dd:3a:b5:19:ff:02:ba:f4:3c:ee:e0:8b:eb 37:8b:ec:f4:d7:ac:f2:f6:f0:3d:af:dd:75:91:33:19:1d:1c:40:cb 74:24:19:21:93:d9:14:fe:ac:2a:52:c7:8f:d5:04:49:e4:8d:63:47 88:3c:69:83:cb:fe:47:bd:2b:7e:4f:c5:95:ae:0e:9d:d4:d1:43:c0 67:73:e3:14:08:7e:e5:3f:9f:73:b8:33:0a:cf:5d:3f:34:87:96:8a ee:53:e8:25:15:02:03:01:00:01 Signature algorithm: sha1WithRSAEncryption Distribution CRL: http://crl.verisign.com/pca3.crl Authority Information Access OCSP: http://ocsp.verisign.com Use for key: CRL signing, Certificate signing, TLS Web Server Authentication, 1.3.6.1.5.5.7.3.1, TLS Web Client Authentication, 1.3.6.1.5.5.7.3.2, Code Signing, 1.3.6.1.5.5.7.3.3, Netscape Server Gated Crypto, 2.16.840.1.113730.4.1, 2.16.840.1.113733.1.8.1, 2.16.840.1.113733.1.8.1 Fingerprint: 32:f3:08:82:62:2b:87:cf:88:56:c6:3d:b8:73:df:08:53:b4:dd:27 (sha1) f9:1f:fe:e6:a3:6b:99:88:41:d4:67:dd:e5:f8:97:7a (md5)
Certificate identifier: G4 Certificate version: 3 Serial number: 513fb9743870b73440418d30930699ff Issuer: Organization: "VeriSign, Organizational unit: VeriSign Trust Network, Organizational unit: "(c) 2006 VeriSign, Country: US, Common name: VeriSign Class 3 Public Primary Certification Authority - G5 Subject: Organization: Symantec Corporation, Organizational unit: Symantec Trust Network, Country: US, Common name: Symantec Class 3 Secure Server CA - G4 Subject string: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4 Validity: Not before: 10-31-2013 00:00 UTC Not after: 10-30-2023 23:59 UTC Public key algorithm: rsaEncryption(2048 bits) 30:82:01:0a:02:82:01:01:00:b2:d8:05:ca:1c:74:2d:b5:17:56:39 c5:4a:52:09:96:e8:4b:d8:0c:f1:68:9f:9a:42:28:62:c3:a5:30:53 7e:55:11:82:5b:03:7a:0d:2f:e1:79:04:c9:b4:96:77:19:81:01:94 59:f9:bc:f7:7a:99:27:82:2d:b7:83:dd:5a:27:7f:b2:03:7a:9c:53 25:e9:48:1f:46:4f:c8:9d:29:f8:be:79:56:f6:f7:fd:d9:3a:68:da 8b:4b:82:33:41:12:c3:c8:3c:cc:d6:96:7a:84:21:1a:22:04:03:27 17:8b:1c:68:61:93:0f:0e:51:80:33:1d:b4:b5:ce:eb:7e:d0:62:ac ee:b3:7b:01:74:ef:69:35:eb:ca:d5:3d:a9:ee:97:98:ca:8d:aa:44 0e:25:99:4a:15:96:a4:ce:6d:02:54:1f:2a:6a:26:e2:06:3a:63:48 ac:b4:4c:d1:75:93:50:ff:13:2f:d6:da:e1:c6:18:f5:9f:c9:25:5d f3:00:3a:de:26:4d:b4:29:09:cd:0f:3d:23:6f:16:4a:81:16:fb:f2 83:10:c3:b8:d6:d8:55:32:3d:f1:bd:0f:bd:8c:52:95:4a:16:97:7a 52:21:63:75:2f:16:f9:c4:66:be:f5:b5:09:d8:ff:27:00:cd:44:7c 6f:4b:3f:b0:f7:02:03:01:00:01 Signature algorithm: sha256WithRSAEncryption Distribution CRL: http://s1.symcb.com/pca3-g5.crl Authority Information Access OCSP: http://s2.symcb.com Use for key: CRL signing, Certificate signing Fingerprint: ff:67:36:7c:5c:d4:de:4a:e1:8b:cc:e1:d7:0f:da:bd:7c:86:61:35 (sha1) 23:d5:85:8e:bc:89:86:10:7c:b7:ac:1e:17:f7:26:c5 (md5)
root@fw-srx1-2> request security pki ca-certificate verify ca-profile G4
node1:
--------------------------------------------------------------------------
Error: Certificate Authority not found for certificate </C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5>
{primary:node1}
root@fw-srx1-2> request security pki ca-certificate verify ca-profile G5
node1:
--------------------------------------------------------------------------
Error: Certificate Authority not found for certificate </C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5>
root@fw-SRX2-1> show security pki ca-certificate detail
node0:
--------------------------------------------------------------------------
Certificate identifier: G5
Certificate version: 3
Serial number: 250ce8e030612e9f2b89f7054d7cf8fd
Issuer:
Organization: "VeriSign, Organizational unit: Class 3 Public Primary Certification Authority, Country: US
Subject:
Organization: "VeriSign, Organizational unit: VeriSign Trust Network, Organizational unit: "(c) 2006 VeriSign, Country: US, Common name: VeriSign Class 3 Public Primary Certification Authority - G5
Subject string:
C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 2006 VeriSign, Inc. - For authorized use only", CN=VeriSign Class 3 Public Primary Certification Authority - G5
Validity:
Not before: 11- 8-2006 00:00 UTC
Not after: 11- 7-2021 23:59 UTC
Public key algorithm: rsaEncryption(2048 bits)
30:82:01:0a:02:82:01:01:00:af:24:08:08:29:7a:35:9e:60:0c:aa
e7:4b:3b:4e:dc:7c:bc:3c:45:1c:bb:2b:e0:fe:29:02:f9:57:08:a3
64:85:15:27:f5:f1:ad:c8:31:89:5d:22:e8:2a:aa:a6:42:b3:8f:f8
b9:55:b7:b1:b7:4b:b3:fe:8f:7e:07:57:ec:ef:43:db:66:62:15:61
cf:60:0d:a4:d8:de:f8:e0:c3:62:08:3d:54:13:eb:49:ca:59:54:85
26:e5:2b:8f:1b:9f:eb:f5:a1:91:c2:33:49:d8:43:63:6a:52:4b:d2
8f:e8:70:51:4d:d1:89:69:7b:c7:70:f6:b3:dc:12:74:db:7b:5d:4b
56:d3:96:bf:15:77:a1:b0:f4:a2:25:f2:af:1c:92:67:18:e5:f4:06
04:ef:90:b9:e4:00:e4:dd:3a:b5:19:ff:02:ba:f4:3c:ee:e0:8b:eb
37:8b:ec:f4:d7:ac:f2:f6:f0:3d:af:dd:75:91:33:19:1d:1c:40:cb
74:24:19:21:93:d9:14:fe:ac:2a:52:c7:8f:d5:04:49:e4:8d:63:47
88:3c:69:83:cb:fe:47:bd:2b:7e:4f:c5:95:ae:0e:9d:d4:d1:43:c0
67:73:e3:14:08:7e:e5:3f:9f:73:b8:33:0a:cf:5d:3f:34:87:96:8a
ee:53:e8:25:15:02:03:01:00:01
Signature algorithm: sha1WithRSAEncryption
Distribution CRL:
http://crl.verisign.com/pca3.crl
Use for key: CRL signing, Certificate signing, TLS Web Server Authentication, 1.3.6.1.5.5.7.3.1, TLS Web Client Authentication, 1.3.6.1.5.5.7.3.2, Code Signing, 1.3.6.1.5.5.7.3.3, Netscape Server Gated Crypto,
2.16.840.1.113730.4.1, 2.16.840.1.113733.1.8.1, 2.16.840.1.113733.1.8.1
Fingerprint:
32:f3:08:82:62:2b:87:cf:88:56:c6:3d:b8:73:df:08:53:b4:dd:27 (sha1)
f9:1f:fe:e6:a3:6b:99:88:41:d4:67:dd:e5:f8:97:7a (md5)
Auto-re-enrollment:
Status: Disabled
Next trigger time: Timer not started
Certificate identifier: G4
Certificate version: 3
Serial number: 513fb9743870b73440418d30930699ff
Issuer:
Organization: "VeriSign, Organizational unit: VeriSign Trust Network, Organizational unit: "(c) 2006 VeriSign, Country: US, Common name: VeriSign Class 3 Public Primary Certification Authority - G5
Subject:
Organization: Symantec Corporation, Organizational unit: Symantec Trust Network, Country: US, Common name: Symantec Class 3 Secure Server CA - G4
Subject string:
C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4
Validity:
Not before: 10-31-2013 00:00 UTC
Not after: 10-30-2023 23:59 UTC
Public key algorithm: rsaEncryption(2048 bits)
30:82:01:0a:02:82:01:01:00:b2:d8:05:ca:1c:74:2d:b5:17:56:39
c5:4a:52:09:96:e8:4b:d8:0c:f1:68:9f:9a:42:28:62:c3:a5:30:53
7e:55:11:82:5b:03:7a:0d:2f:e1:79:04:c9:b4:96:77:19:81:01:94
59:f9:bc:f7:7a:99:27:82:2d:b7:83:dd:5a:27:7f:b2:03:7a:9c:53
25:e9:48:1f:46:4f:c8:9d:29:f8:be:79:56:f6:f7:fd:d9:3a:68:da
8b:4b:82:33:41:12:c3:c8:3c:cc:d6:96:7a:84:21:1a:22:04:03:27
17:8b:1c:68:61:93:0f:0e:51:80:33:1d:b4:b5:ce:eb:7e:d0:62:ac
ee:b3:7b:01:74:ef:69:35:eb:ca:d5:3d:a9:ee:97:98:ca:8d:aa:44
0e:25:99:4a:15:96:a4:ce:6d:02:54:1f:2a:6a:26:e2:06:3a:63:48
ac:b4:4c:d1:75:93:50:ff:13:2f:d6:da:e1:c6:18:f5:9f:c9:25:5d
f3:00:3a:de:26:4d:b4:29:09:cd:0f:3d:23:6f:16:4a:81:16:fb:f2
83:10:c3:b8:d6:d8:55:32:3d:f1:bd:0f:bd:8c:52:95:4a:16:97:7a
52:21:63:75:2f:16:f9:c4:66:be:f5:b5:09:d8:ff:27:00:cd:44:7c
6f:4b:3f:b0:f7:02:03:01:00:01
Signature algorithm: sha256WithRSAEncryption
Distribution CRL:
http://s1.symcb.com/pca3-g5.crl
Use for key: CRL signing, Certificate signing
Fingerprint:
ff:67:36:7c:5c:d4:de:4a:e1:8b:cc:e1:d7:0f:da:bd:7c:86:61:35 (sha1)
23:d5:85:8e:bc:89:86:10:7c:b7:ac:1e:17:f7:26:c5 (md5)
Auto-re-enrollment:
Status: Disabled
Next trigger time: Timer not started
root@fw-SRX2-1> request security pki ca-certificate verify ca-profile G4
node0:
--------------------------------------------------------------------------
CA certificate G4 verified successfully
{primary:node0}
root@fw-SRX2-1> request security pki ca-certificate verify ca-profile G5
node0:
--------------------------------------------------------------------------
Error: Certificate Authority not found for certificate </C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5>
Troubleshooting:
-----BEGIN CERTIFICATE-----MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ/zANBgkqhkiG9w0BAQsFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJbA3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid/sgN6nFMl6UgfRk/InSn4vnlW9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzus3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8TL9ba4cYY9Z/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVKFpd6UiFjdS8W+cRmvvW1Cdj/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0TAQH/BAgwBgEB/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2IuY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpghkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vY3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k/eG7IXmsKP9H+IyqEVv4dn7ua/ScKAyQmW/hP4WKo8/xabWo5N9Q+l0IZE1KPRj6S7t9/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt/eV5E1PnXi8tTRttQBVSK/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A/yO0+MKcc=-----END CERTIFICATE----------BEGIN CERTIFICATE-----MIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4/TANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMBAAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUAA4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5KlCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZtOxFNfeKW/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3/-----END CERTIFICATE-----
root@fw-SRX1-1> show security pki local-certificate detail
node0:
--------------------------------------------------------------------------
Certificate identifier: SRX1
Certificate version: 3
Serial number: 2d6f03041e93e1e97acd758ae940e6db
Issuer:
Organization: Symantec Corporation, Organizational unit: Symantec Trust Network, Country: US, Common name: Symantec Class 3 Secure Server CA - G4
Subject:
Organization: GG, Organizational unit: IT, Country: CA, State: Ontario, Locality: srx1, Common name: srx1.gg.com
Subject string:
C=CA, ST=Ontario, L=srx1, O=gg, OU=IT, CN=srx1.gg.com
Alternate subject: email empty, srx1.gg.com, ip empty
Validity:
Not before: 01- 9-2015 00:00 UTC
Not after: 04- 5-2018 23:59 UTC
Public key algorithm: rsaEncryption(2048 bits)
30:82:01:0a:02:82:01:01:00:9d:96:c7:76:c3:66:25:c3:ec:58:61
ee:c9:9d:82:ae:d6:de:26:ff:50:e8:b1:a0:ce:cd:0f:1a:f2:59:56
9f:7f:49:aa:de:88:a8:5d:4c:69:0a:5b:f0:91:a7:49:e4:9b:3b:df
e4:0e:24:7d:23:fe:32:4b:c0:9e:a6:37:ff:0c:7b:ae:02:6b:1c:b7
7c:79:29:e3:73:4d:4f:3d:5a:38:4a:f6:43:03:8b:b9:8e:19:ea:bb
cd:52:00:5d:a8:b5:a8:3a:92:3c:38:06:13:32:50:56:31:3f:be:68
a2:b7:e4:f0:2d:0c:a2:f1:0b:22:b3:ea:2a:9e:47:7b:5b:aa:cc:43
9d:f2:4e:e5:86:9f:c8:37:fc:02:d4:66:34:93:e0:d6:6b:35:c9:5d
25:29:90:6d:ab:8c:1e:00:a1:cb:79:27:b4:f9:26:2e:e4:22:20:28
70:e1:51:b6:7d:4a:34:07:c9:a3:69:49:26:34:6a:0b:66:ee:0c:29
a5:c6:14:04:fb:64:49:31:72:cb:10:15:c4:c4:2b:66:b3:8c:3d:21
76:34:3d:6a:83:0b:50:92:fe:32:a4:0c:7b:d2:82:d2:3f:61:63:59
8c:57:4b:c7:99:09:a0:57:45:6c:e9:fb:64:34:80:46:dc:43:ce:4d
1b:d0:d9:0a:e3:02:03:01:00:01
Signature algorithm: sha256WithRSAEncryption
Distribution CRL:
http://ss.symcb.com/ss.crl
Use for key: Key encipherment, Digital signature, TLS Web Server Authentication, 1.3.6.1.5.5.7.3.1, TLS Web Client Authentication, 1.3.6.1.5.5.7.3.2
Fingerprint:
8a:ea:0d:e2:a9:28:65:d1:d4:e0:6d:77:7e:aa:75:7d:69:7d:1f:ab (sha1)
c7:b2:a1:ad:36:aa:8e:40:3d:5e:c9:cb:ad:9b:3f:10 (md5)
Auto-re-enrollment:
Status: Disabled
Next trigger time: Timer not started
Solutions:
root@fw-SRX1-2> request security pki ca-certificate load ca-profile G5 filename /var/tmp/G5.pem
node1:
--------------------------------------------------------------------------
error: Command aborted as CA certificate already exists. Retry after clearing the existing CA certificate
root@fw-SRX1-2> clear security pki ca-certificate ca-profile G5
root@fw-SRX1-2> request security pki ca-certificate load ca-profile G5 filename /var/tmp/G5.pem
node1:
--------------------------------------------------------------------------
Fingerprint:
4e:b6:d5:78:49:9b:1c:cf:5f:58:1e:ad:56:be:3d:9b:67:44:a5:e5 (sha1)
cb:17:e4:31:67:3e:e2:09:fe:45:57:93:f3:0a:fa:1c (md5)
CA certificate for profile G5 loaded successfully
root@fw-SRX1-2> request security pki ca-certificate verify ca-profile G4
node1:
--------------------------------------------------------------------------
CA certificate G4 verified successfully
root@fw-SRX1-2> request security pki ca-certificate verify ca-profile G5
node1:
--------------------------------------------------------------------------
CA certificate G5 verified successfully
root@fw-SRX1-2> show security pki ca-certificate node0:--------------------------------------------------------------------------
Certificate identifier: G5 Issued to: VeriSign Class 3 Public Primary Certification Authority - G5, Issued by: C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5 Validity: Not before: 11- 8-2006 00:00 UTC Not after: 07-16-2036 23:59 UTC Public key algorithm: rsaEncryption(2048 bits)
Certificate identifier: G4 Issued to: Symantec Class 3 Secure Server CA - G4, Issued by: C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5 Validity: Not before: 10-31-2013 00:00 UTC Not after: 10-30-2023 23:59 UTC Public key algorithm: rsaEncryption(2048 bits)