Answer
Juniper Networks supports both versions of X.509 certificates. However, you must use V3 if you want to use the SubjectAlternativeName extension field for a non-DN (distinguished name) Internet Key Exchange (IKE) ID type (for example, IP address, e-mail address, or fully qualified domain name [FQDN]).
For more information, see Understanding Certificates and PKI