Does the Junos OS device support multiple certificates, or a hierarchical CA chain?
The Junos OS device can generate multiple key pairs, and multiple certificate requests, and have multiple local certificates loaded. The specific quantity of certificates depends on the particular platform.
The Junos OS device supports a hierarchical certificate authority (CA) chain as of Junos OS Release 16.1.
By using the PKCS7 certification type, you can cross certify a Junos OS device using a certificate from one root CA, with another Junos OS device using a certificate from a different root CA. Using cross certification, you can form a full certificate path to the root certificate stored locally.
Junos OS is not ICSA certified, however, Juniper Networks ScreenOS products are certified for version 1.2.
For more information, see Understanding Certificates and PKI