Support for MPLS L3VPN

An enterprise might have multiple branches in different VPNs. PKI support for MPLS L3VPN is required if users in different VPNs request certificates from the CA server in the headquarters VPN.

As shown in Figure 83, the PKI entity in VPN 1 requests a certificate from the CA server in VPN 3 as follows:

  1. The PKI entity submits a certificate request to the CA server.

  2. The PE device that connects to the PKI entity transmits the request to the CA server through MPLS L3VPN.

  3. The CA server verifies the request and issues the certificate.

  4. The PE device that connects to the CA server transmits the certificate to the PKI entity.

For information about MPLS L3VPN, see the MPLS Configuration Guide.

Figure 82: PKI support for MPLS L3VPN