request security pki local-certificate generate-self-signed (Security)
Command introduced in Junos OS Release 9.1. Support for digest option added in Junos OS Release 12.1X45-D10.
Manually generate a self-signed certificate for the given distinguished name.
certificate-id certificate-id-name—Name of the certificate and the public/private key pair.
domain-name domain-name—Fully qualified domain name (FQDN) provides the identity of the certificate owner for Internet Key Exchange (IKE) negotiations and provides an alternative to the subject name.
subject subject-distinguished-name—Distinguished name format contains the following information:
OU—Organizational unit name
add-ca-constraint—(Optional) Specifies that the certificate can be used to sign other certificates.
digest—(Optional) Hash algorithm used to sign the certificate.
sha1—SHA-1 digest (default)
Starting in Junos OS Release 18.1R3, the default encryption algorithm that is used for validating automatically and manually generated self-signed PKI certificates is Secure Hash Algorithm 256 (SHA-256). Prior to Junos OS Release 18.1R3, SHA-1 is used as default encryption algorithm.
email email-address—(Optional) E-mail address of the certificate holder.
Required Privilege Level
maintenance and security
List of Sample Outputrequest security pki local-certificate generate-self-signed certificate-id self-cert subject cn=abc domain-name example.net email email@example.com
When you enter this command, you are provided feedback on the status of your request.
request security pki local-certificate generate-self-signed certificate-id self-cert subject cn=abc domain-name example.net email firstname.lastname@example.org
user@host> request security pki local-certificate generate-self-signed certificate-id self-cert subject cn=abc domain-name example.net email email@example.com
Self-signed certificate generated and loaded successfully