There are two storage formats for imported certificates, keys, and CRLs:
legacy, where only the imported key is encrypted
enhanced secure, where:
The encryption algorithm is stronger than the legacy format.
Imported certificates and keys are both encrypted.
The internal key for encryption is chassis-specific.
A compressed format is used for imported CRL files to save space.
The legacy format is used in SR OS releases before Release 16.0.R6. The enhanced secure format is used for all imported files from Release 16.0.R6 onward. By default, the system loads an imported file in both legacy and enhanced secure formats. To configure the system to only load imported files in the enhanced secure format, execute config>system>security>pki>imported-format secure command. The admin>certificate>convert-file command converts imported files between the legacy format and the enhanced secure format.