About This Guide

Use this guide to configure, monitor, and manage the public key infrastructure (PKI) on Juniper Networks devices using Junos OS. Use the PKI for secure data exchange, identity verification, and mutual authentication by using digital certificates.

Configure PKI in Junos OS

  1. Create CA Profile. See Certificate Authority.

    • Define CA Profile Attributes: Create a CA profile to specify the CA settings, including the CA identity and any additional attributes required.

    • Specify Enrollment Parameters: Configure the enrollment retry value and the time interval between attempts to automatically enroll the CA certificates online.

    • Set Revocation Check: Specify the Certificate Revocation List (CRL) refresh interval and URL for revocation checks.

  2. Generate Certificate. See Self-Signed Digital Certificates.

    • Generate Certificate Request: Generate a public/private key pair and then create the certificate request using the key pair.

    • Send Certificate Request: Send the certificate request to the CA administrator through email or an out-of-band method. Specify an email address for the CA administrator if needed.

  3. Load CA and Local Certificates. See Enroll Certificate.

    • Load CA Certificate: Load the CA certificate from an external file and associate it with the configured CA profile.

    • Load Local Certificate: Load the local certificate into local storage from the specified external file, ensuring proper linkage with the public/private key pair.

  4. Configure IPsec VPN with Certificates. See Configure Multiple Certificate Types to Establish IKE and IPsec SA.

    • Define IKE Policy and Gateway: Configure the IKE policy and gateway to use the RSA-Signature authentication method and the local and CA certificates.
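
The four steps above, put together as one CLI session. This is an added example, not taken from the Juniper guide. It assumes the SRX-style `security` configuration hierarchy, and every profile name, certificate ID, URL, file path, interface and address in it is a constructed placeholder.

```junos
# Constructed example: names, URLs, paths and addresses are placeholders.
# Lines starting with "#" are annotations for the reader.

# Step 1 (configuration mode): CA profile, enrollment retries, CRL checks.
set security pki ca-profile ca-profile-ipsec ca-identity example-ca
set security pki ca-profile ca-profile-ipsec enrollment url http://ca.example.net/certsrv/mscep/mscep.dll
set security pki ca-profile ca-profile-ipsec enrollment retry 5
set security pki ca-profile ca-profile-ipsec enrollment retry-interval 600
set security pki ca-profile ca-profile-ipsec revocation-check crl url http://ca.example.net/crl/example-ca.crl
set security pki ca-profile ca-profile-ipsec revocation-check crl refresh-interval 24
commit

# Step 2 (operational mode): key pair first, then the request built from it.
request security pki generate-key-pair certificate-id local-cert1 size 2048 type rsa
request security pki generate-certificate-request certificate-id local-cert1 domain-name vpn1.example.net subject "CN=vpn1.example.net,O=Example" filename /var/tmp/local-cert1.req
# Send /var/tmp/local-cert1.req to the CA administrator out of band.

# Step 3 (operational mode): load the CA certificate into its profile,
# then the issued local certificate under the same certificate-id.
request security pki ca-certificate load ca-profile ca-profile-ipsec filename /var/tmp/example-ca.cer
request security pki local-certificate load certificate-id local-cert1 filename /var/tmp/local-cert1.cer

# Check what was loaded before referencing it from IKE.
show security pki ca-certificate ca-profile ca-profile-ipsec detail
show security pki local-certificate certificate-id local-cert1 detail
request security pki local-certificate verify certificate-id local-cert1

# Step 4 (configuration mode): certificate-based IKE authentication.
set security ike proposal ike-prop-cert authentication-method rsa-signatures
set security ike policy ike-pol-cert proposals ike-prop-cert
set security ike policy ike-pol-cert certificate local-certificate local-cert1
set security ike gateway gw-peer1 ike-policy ike-pol-cert
set security ike gateway gw-peer1 address 192.0.2.2
set security ike gateway gw-peer1 external-interface ge-0/0/0.0
commit
```

The certificate ID ties the issued certificate to the key pair generated in step 2, so the same ID has to be used when generating the key pair, creating the request, and loading the certificate.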