Log in to ask questions, share your expertise, or stay connected to content you value. Don’t have a login? Learn how to become a member.
Question What RFC does Juniper Networks support for PKI and its profile? Answer Juniper Networks supports RFC3280. Junos OS also has all the required security features of RFC2459 (the predecessor of RFC3280). Junos OS follows the PKI profile described in RFC3280 and supports: ...
Question Are there special characters to consider, or avoid, when doing PKI? Answer The comma (,) is a special character in ASN.1 DN and requires an escape character, to use which is the backslash (\). The UTF-8 encoded string should not have any of the following characters: A...
Question Does Juniper Networks provide a CA with its products? Answer No. If you want to use a public key infrastructure (PKI), you must obtain third-party certificate authority (CA) software to implement the PKI or use a service such as Verisign. For more information, see ...
Question Why does the Junos OS device not use or support two sets of keys for a virtual private network (VPN)? Answer In general, when setting up a PKI for email and file encryption and signing, you should use two sets of keys. While you certainly want two sets of keys when encrypting...
A digital certificate is an electronic means for verifying your identity through a trusted third party, known as a certificate authority (CA). Alternatively, you can use a self-signed certificate to attest to your identity. The CA server you use can be owned and operated by an independent...
Question Does Junos OS support chassis clustering (high availability) for PKI certificates? Answer Currently, the SRX Series devices support high availability (HA) for PKI certificates. Future releases may support the transferring of a device key pair and local certificates between...
1 Comment - no search term matches found in comments.
Question How is the public key of a key pair bound to, or deleted from, a certificate request? Answer When generating a new key pair, you must specify a certificate-ID. This certificate-ID is also used for the certificate request and again when the local certificate is loaded. To...
Question What PKI objects are stored in memory and what are the average sizes? Answer The following PKI objects are stored in in flash and run-time memory: Certificate authority (CA) certificate CA certificate revocation list (CRL) CA profile configuration Local key pair ...