Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

request security pki local-certificate generate-self-signed (Security)

 

Syntax

Release Information

Command introduced in Junos OS Release 9.1. Support for digest option added in Junos OS Release 12.1X45-D10.

Description

Manually generate a self-signed certificate for the given distinguished name.

Options

certificate-id certificate-id-name—Name of the certificate and the public/private key pair.

domain-name domain-name—Fully qualified domain name (FQDN) provides the identity of the certificate owner for Internet Key Exchange (IKE) negotiations and provides an alternative to the subject name.

subject subject-distinguished-name—Distinguished name format contains the following information:

  • DC—Domain component

  • CN—Common name

  • OU—Organizational unit name

  • O—Organization name

  • L—Locality

  • ST—State

  • C—Country

add-ca-constraint—(Optional) Specifies that the certificate can be used to sign other certificates.

digest—(Optional) Hash algorithm used to sign the certificate.

  • sha1—SHA-1 digest (default)

  • sha256—SHA-256 digest

Starting in Junos OS Release 18.1R3, the default encryption algorithm that is used for validating automatically and manually generated self-signed PKI certificates is Secure Hash Algorithm 256 (SHA-256). Prior to Junos OS Release 18.1R3, SHA-1 is used as default encryption algorithm.

email email-address—(Optional) E-mail address of the certificate holder.

Required Privilege Level

maintenance and security

List of Sample Output

request security pki local-certificate generate-self-signed certificate-id self-cert subject cn=abc domain-name example.net email mholmes@example.net

Output Fields

When you enter this command, you are provided feedback on the status of your request.

Sample Output

request security pki local-certificate generate-self-signed certificate-id self-cert subject cn=abc domain-name example.net email mholmes@example.net

user@host> request security pki local-certificate generate-self-signed certificate-id self-cert subject cn=abc domain-name example.net email mholmes@example.net