I am running an SRX 340 on Junos 18.4R1-S1 that constantely has high CPU usage for the PKID process. I have also seen this in version 17.4 and on vSRX running Junos 19.1. I have very little traffic going through these devices. I configured the default Root CA profiles on the the various devices. My guess is the pkid process goes to update the CRL's for the CA groups and the process hangs. The only way to get the PKID process to return to normal is to restart the pkid service. Im trying to figure out the cause of this issue or if its a bug.
I have attached the output of the commmand show system processes extensive from both an SRX 340 running 18.4R1 and a vSRX running 19.1. Any help would be appriciated.
Thank you for your reply. Im not sure if this would apply to my case sense I don't have IPSec configured. I do have SSL Forward Proxy configured with the default root CA groups loaded. So maybe it is related even though I don't specifically have IPSec configured. Also it appears to be resolved in 18.4R1 which Im running on the SRX 340.
No I did not have traffic going through it. Maybe it is the PR that should have been fixed in 18.4 which I am running. I guess its there in 19.1 as well. I do believe it is something with certificate verification and the default Juniper root CA list has old entries compared to the current Firefox one.