Public Key Cryptography for Certificates

The public-private key pairs used in public key cryptography play an important role in the use of digital certificates. The procedure for signing a certificate by a certificate authority (CA) and then verifying the signature, by the recipient, works as described in the topics in this chapter. The topics in this chapter also describe how to use self-signed certificates either automatically generated by the system or ones that you manually create.

For information about which devices support the features documented in this chapter, see the JUNOS Software Feature Support Reference for SRX Series and J Series Devices.

This chapter includes the following topics:

• Understanding Public Key Cryptography
• Understanding Certificates
• Understanding Certificate Revocation Lists
• Understanding Public Key Infrastructure
• Understanding Self-Signed Certificates
• Understanding Automatically Generated Self-Signed Certificates
• Understanding Manually Generated Self-Signed Certificates
• Using Digital Certificates
• Generating a Public-Private Key Pair
• Configuring a Certificate Authority Profile
• Enrolling a CA Certificate Online
• Enrolling a Local Certificate Online
• Generating a Local Certificate Request Manually
• Loading CA and Local Certificates Manually
• Re-enrolling Local Certificates Automatically
• Manually Loading a CRL onto the Device
• Verifying Certificate Validity
• Checking Certificate Validity Using CRLs
• Using Automatically Generated Self-Signed Certificates
• Manually Generating Self-Signed Certificates
• Deleting Certificates
• Deleting a Loaded CRL