Security
Security

Can the Junos OS device use the same DN for different local certificates, or auto-generate CN field values?

by Juniper Employee on ‎01-26-2016 08:03 AM - edited on ‎09-22-2017 03:42 PM by Administrator Administrator (930 Views)

Question

Can the Junos OS device use the same DN for different local certificates, or auto-generate CN field values?

Answer

The Junos OS device does not support multiple certificates with the same subject name (or distinguished name [DN]) on a single Junos OS device. Therefore, we recommend using a separate subject name for every key pair to avoid confusion. Some CAs also have limitations on supporting multiple key pairs for the same subject name.

 

Additionally, the Junos OS device does not auto-generate CN (common name) values such as a fully qualified domain name (FDQN) and serial number. The FQDN or any other CN values must be specified during the certificate request procedure.

 

For more information, see Understanding Certificates and PKI