Security

What PKI objects are stored in memory and what are the average sizes?

by Juniper Employee on 01-26-2016 08:03 AM - edited on 09-22-2017 04:00 PM by Administrator

Question

What PKI objects are stored in memory and what are the average sizes?

Answer

The following PKI objects are stored in flash and run-time memory:

  • Certificate authority (CA) certificate
  • CA certificate revocation list (CRL)
  • CA profile configuration
  • Local key pair
  • Local certificate or pending certificate

Each CA certificate typically uses three objects (CA certificate, CRL, and CA profile configuration). Each local certificate uses two objects (certificate and key pair). A pending certificate is a PKCS10 file that has been generated and sent to a CA. When the signed certificate from the CA is installed, the pending certificate object is replaced with the local certificate.

The average sizes for PKI objects are as follows:

  • CRLs vary in size, depending on how many certificates a particular CA has revoked. The default maximum supported CRL size is 2 MB; on SRX5000 Series devices, 5 MB is supported.
  • Certificates average 2K bytes each.
  • Key pairs average 4K bytes each.
  • CA profile configurations average 500 bytes each.

For more information, see Understanding Certificates and PKI.