Why does the Junos OS device not use or support two sets of keys for a virtual private network (VPN)?
In general, when setting up a PKI for email and file encryption and signing, you should use two sets of keys. While you certainly want two sets of keys when encrypting emails and files (one set for signing and one set for encryption) you do not need two sets for the VPN.
RSA keys are used only for authentication in IPsec. So you do not need the second set of keys for things such as long-term storage of encrypted material.
Junos OS does support Digital Signature Algorithm (DSA) keys.
For more information, see Understanding Certificates and PKI