Juniper IP SERVICES - CONFIGURATION GUIDE V 11.1.X Configuration Manual page 249

common-name
country
domain-name
ike crl
Use to specify the authentication method that the router uses. For digital
certificates, the method is set to RSA signature.
Example
host1(config-ike-policy)#authentication rsa-sig
Use the no version to restore the default, preshared keys.
See authentication.
Use to specify a common name used to generate certificate requests.
Example
host1(config-ipsec-identity)#common-name Jim
Use the no version to remove the common name.
See common-name.
Use to specify a country name used to generate certificate requests.
Example
host1(config-ipsec-identity)#country CA
Use the no version to remove the country name.
See country.
Use to specify the domain name that the router uses in IKE authentication
messages and to generate certificate requests.
The domain name is used in the SubjectAlternative DNS certificate extensions
and as an FQDN (fully qualified domain name) ID payload for IKE negotiations.
Example
host1(config-ipsec-identity)#domain-name myerx.kanata.junipernetworks.com
Use the no version to remove the domain name.
See domain-name.
Use to control how the router handles CRLs during negotiation of IKE phase 1
signature authentication. Specify one of the following keywords:
ignored Allows negotiations to succeed even if a CRL is invalid or the peer's
certificate appears in the CRL; this is the most lenient setting
optional If the router finds a valid CRL, it uses it; this is the default setting
Configuring Digital Certificates Using the Offline Method
Chapter 8: Configuring Digital Certificates
223