error: error load certid<test> when attempting to import signed certificate in Juniper SRX Firewall
Code:
request security pki local-certificate load filename /var/tmp/cert.crt key /var/tmp/priv.key certificate-id test
error: error load certid<test>
In 99% of cases, this error appears on a Juniper SRX firewall when the user attempts to load a public/signed certificate that was generated with a different private key than the one the SRX is aware of.
In many of these cases, users generate a private key on the SRX, then copy another key file generated on an external system over the existing one, and start "playing" in production. This is the wrong approach because when a key pair is generated by Junos on the SRX, it is cached in the PKI daemon. On top of this, the key pair generated by the firewall has an extra header containing a hash when it is written to disk.
If this file is overwritten, the old key is still in memory, so when the user tries to load a signed/local certificate generated with the key that was copied to the /var/db/certs/common/key-pair/ directory, the above error is displayed. If the SRX is restarted, another error will appear.
Use the guide [url]http://forum.ivorde.ro/pki-how-to-import-openssl-private-key-and-public-certificate-in-juniper-srx-t19301.html[/url] to do this properly by importing an externally generated private key into the SRX instead of using the "scp" method.
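A quick way to catch the mismatch described above before anything is loaded on the firewall is to compare the public key inside the signed certificate with the public key derived from the private key. This is an added example, not part of the original post. It assumes it runs on the external system with OpenSSL installed, a PEM certificate, and an unencrypted PEM private key generated by OpenSSL (not a key file written by Junos, which carries the extra header mentioned above); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify that a signed certificate and a private key form a pair.
# Assumes PEM input files and an unencrypted, OpenSSL-generated private key.

# cert_matches_key CERT KEY
# returns 0 = same key pair, 1 = different keys, 2 = a file could not be parsed
cert_matches_key() {
    # Public key embedded in the certificate (PEM SubjectPublicKeyInfo)
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key, in the same PEM format
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    # Guard against empty output so two unreadable files never "match"
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# check_before_load CERT KEY
# prints a verdict and passes the return code of cert_matches_key through
check_before_load() {
    if cert_matches_key "$1" "$2"; then
        echo "MATCH: $1 was issued for the key in $2"
        return 0
    else
        rc=$?
        if [ "$rc" -eq 1 ]; then
            echo "MISMATCH: $1 was signed for a different private key than $2" >&2
        else
            echo "ERROR: could not parse $1 or $2 as PEM" >&2
        fi
        return "$rc"
    fi
}

# When called as a script: ./check.sh cert.crt priv.key
if [ "$#" -eq 2 ]; then
    check_before_load "$1" "$2"
fi
```

A MISMATCH result here means the certificate was issued for a different key, which is the situation the post gives as the usual cause of the load error.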