Answer
In general, when setting up a PKI for email and file encryption and signing, you should use two sets of keys. While you certainly want two sets of keys when encrypting emails and files (one set for signing and one set for encryption) you do not need two sets for the VPN.
RSA keys are used only for authentication in IPsec. So you do not need the second set of keys for things such as long-term storage of encrypted material.
Junos OS does support Digital Signature Algorithm (DSA) keys.
For more information, see Understanding Certificates and PKI