What PKI objects are stored in memory and what are the average sizes?
The following PKI objects are stored in flash and run-time memory:
- Certificate authority (CA) certificate
- CA certificate revocation list (CRL)
- CA profile configuration
- Local key pair
- Local certificate or pending certificate
Each CA certificate typically uses three objects (CA certificate, CRL, and CA profile configuration). Each local certificate uses two objects (certificate and key pair). A pending certificate is a PKCS10 file that has been generated and sent to a CA. When the signed certificate from the CA is installed, the pending certificate object is replaced with the local certificate.
The average sizes for PKI objects are as follows:
- CRLs vary in size, depending on how many certificates a particular CA has revoked. The maximum supported CRL size is 2 MB by default; on SRX5000 Series devices, 5 MB is supported.
- Certificates average 2K bytes each.
- Key pairs average 4K bytes each.
- CA profile configurations average 500 bytes each.
For more information, see Understanding Certificates and PKI.