PKI Management and Implementation

For convenience and practicality, PKI must be transparently managed and implemented. Toward this goal, JUNOS software supports the following features:

• Generates a public-private key pair.
• Loads multiple local certificates from different CAs.
• Delivers a certificate when establishing an IPsec tunnel.
• Validates a certificate path upward through eight levels of CA authorities in the PKI hierarchy.
• Supports the Public-Key Cryptography #7 (PKCS-7) cryptographic standard. As a result, the device can accept X.509 certificates and CRLs packaged within a PKCS-7 envelope.

  Note: JUNOS software supports a PKCS-7 file size of up to 7 KB.

• Retrieves CRLs online retrieval through LDAP or HTTP.

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.