Juniper SRX certificate ‘aamw-srx-cert’: certificate does not exist

error: certificate ‘aamw-srx-cert’: certificate does not exist .
error: trusted-ca ‘aamw-cloud-ca’ does not exist!
error: trusted-ca ‘aamw-secintel-ca’ does not exist!


root# commit and-quit
[edit security pki]
‘ca-profile aamw-secintel-ca’
Missing mandatory statement: ‘ca-identity’
[edit security pki]
‘ca-profile aamw-cloud-ca’
Missing mandatory statement: ‘ca-identity’
error: commit failed: (missing mandatory statements)


root# delete security pki

root# commit and-quit
warning: You have changed enhanced services mode.
You must reboot the system for your change to take effect.
If you have deployed a cluster, be sure to reboot all nodes.
commit complete
Exiting configuration mode

Once the device is joined to the cluster, sync it with the working SRX; that will update all the certificates.

Location of Certificates

The certificates and key pairs used for IKE negotiations are stored in the following locations:


If the cert is missing, use WinSCP to copy the /var/db/certs folder.
