A digital certificate is an electronic means for verifying your identity through a trusted third party, known as a certificate authority (CA). Alternatively, you can use a self-signed certificate to attest to your identity.
The CA server you use can be owned and operated by an independent CA or by your own organization, in which case you become your own CA. If you use an independent CA, you must contact them for the addresses of their CA and certificate revocation list (CRL) servers (for obtaining certificates and CRLs) and for the information they require when submitting personal certificate requests. When you are your own CA, you determine this information yourself.
The Public Key Infrastructure (PKI) provides an infrastructure for digital certificate management. In general, PKI is a hierarchy of trust that enables users of a public network to securely and privately exchange data through the use of public and private cryptographic key pairs that are obtained and shared with peers through a trusted authority.
Junos OS uses public/private keys in the following areas:
For general background on certificates and PKI, see Understanding Certificates and PKI.
This article provides answers to the most common questions about certificates and PKI for Junos OS devices.
For more details on digital certificates, see Digital Certificates Overview.