Certificate authorities manage certificate requests and issue certificates to participating IPSec network devices. When you create a certificate request, you need to provide the information about the owner of the certificate. The required information and its format vary across certificate authorities.
Certificates use names in the X.500 format, a directory access protocol that provides both read and update access. The entire name is called a DN (distinguished name). It consists of a set of components, which often includes a CN (common name), an organization (O), an organization unit (OU), a country (C), a locality (L), and so on.
Note: For the dynamic registration of digital certificates, the JUNOS software supports only the Simple Certificate Enrollment Protocol (SCEP).