Log in to ask questions, share your expertise, or stay connected to content you value. Don’t have a login? Learn how to become a member.
Question What version of X.509 certificates are supported (V1 or V3)? Answer Juniper Networks supports both versions of X.509 certificates. However, you must use V3 if you want to use the SubjectAlternativeName extension field for a non-DN (distinguished name) Internet Key Exchange (IKE) ID type (for example, IP address, e-mail address, or fully qualified domain name [FQDN]). For more information, see Understanding Certificates and PKI #InternetKeyExchange #X.509certificate #FAQ
Junos OS follows the PKI profile described in RFC3280 and supports: Installation of end-entity (EE) or CA certificate Encode, including the X.509 or PKCS7, DER or PEM Compatibility with X.509 v3 and handling of extensions defined in RFC3280. For more information, see Understanding Certificates and PKI #JunosOS #RFC2459 #RFC3280 #X.509 #PKCS7 #pki #FAQ