Public Key Infrastructure User Guide

Use this guide to configure, monitor, and manage the public key infrastructure (PKI) on Juniper Networks devices using Junos OS. Use the PKI for secure data exchange, identity verification, and mutual authentication by using digital certificates.

Table 1: Configure PKI in Junos OS
| Task | Description |
|---|---|
| Create CA profile | Define CA profile attributes: Create a CA profile to specify the CA settings, including the CA identity and any additional attributes required. Specify enrollment parameters: Configure the enrollment retry value and the time interval between attempts to automatically enroll the CA certificates online. Set revocation check: Specify the certificate revocation list (CRL) refresh interval and the URL for revocation checks. See Certificate Authority. |
| Generate certificate | Generate certificate request: Generate a public-private key pair and then create the certificate request using the key pair. Send certificate request: Send the certificate request to the CA administrator by email or an out-of-band method. Specify an email address for the CA administrator if needed. See Self-Signed Digital Certificates. |
| Load CA and local certificates | Load CA certificate: Load the CA certificate from an external file and associate it with the configured CA profile. Load local certificate: Load the local certificate into local storage from the specified external file, ensuring that it is linked to the correct public-private key pair. See Enroll a Certificate. |
| Configure IPsec VPN with certificates | Define IKE policy and gateway: Configure the IKE policy and gateway to use the RSA-signature authentication method and the local and CA certificates. See Configure Multiple Certificate Types to Establish IKE and IPsec SA. |