request security pki generate-certificate-request (Security)



Manually generate a local digital certificate request in the Public-Key Cryptography Standards #10 (PKCS-10) format.


certificate-id certificate-id-name

Name of the local digital certificate and the public/private key pair.

domain-name domain-name

Fully qualified domain name (FQDN) provides the identity of the certificate owner for Internet Key Exchange (IKE) negotiations and provides an alternative to the subject name.

subject subject-distinguished-name

Distinguished name format contains the following information:

  • DC—Domain component

  • CN—Common name

  • OU—Organizational unit name

  • O—Organization name

  • L—Locality

  • ST—State

  • C—Country


(Optional) Hash algorithm used to sign the certificate request.

  • sha1—SHA-1 digests (default value for RSA or DSA only).

  • sha256—SHA-256 digests for RSA or ECDSA only (default value for ECDSA).

  • sha-384—SHA-384 digests for ECDSA only.

Starting in Junos OS Release 18.1R3, the default hash algorithm used for validating automatically and manually generated self-signed PKI certificates is Secure Hash Algorithm 256 (SHA-256). Prior to Junos OS Release 18.1R3, SHA-1 was the default hash algorithm.

email email-address

(Optional) E-mail address of the certificate holder.

filename (path | terminal)

(Optional) Location where the local digital certificate request should be placed or the login terminal.

ip-address ip-address

(Optional) IP address of the router.
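Because the digest used to sign a request depends on the key type and release defaults described above, it is worth confirming what a generated request actually carries before submitting it to a CA. The following is an added example, not Juniper code: it reads the signatureAlgorithm field of a PKCS#10 request and reports the digest. It assumes the request is available as PEM text; `sample_csr` is a hypothetical helper that builds a constructed, skeletal request with a dummy signature so the script runs offline.

```python
import base64

SIG_ALGS = {  # signature-algorithm OIDs for the key/digest pairs this page lists
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", "sha1"),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "sha256"),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", "sha256"),
    "1.2.840.10045.4.3.3": ("ecdsa-with-SHA384", "sha384"),
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER contents to dotted form (first arc 0 or 1)."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for byte in body[1:]:
        value = (value << 7) | (byte & 0x7F)
        if byte < 0x80:  # high bit clear ends this arc
            arcs, value = arcs + [value], 0
    return ".".join(map(str, arcs))

def csr_digest(pem):
    """Return (signature algorithm, digest) for a PEM-encoded PKCS#10 request."""
    b64 = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    _, request, _ = read_tlv(base64.b64decode(b64), 0)  # CertificationRequest
    _, _, pos = read_tlv(request, 0)                    # skip certificationRequestInfo
    _, alg, _ = read_tlv(request, pos)                  # signatureAlgorithm
    tag, oid, _ = read_tlv(alg, 0)
    name = decode_oid(oid) if tag == 0x06 else "not-an-oid"
    return SIG_ALGS.get(name, (name, "unknown"))

def sample_csr(oid_hex):  # constructed skeleton, dummy signature, demo only
    tlv = lambda tag, body: bytes([tag, len(body)]) + body  # short lengths only
    info = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, b""))
    alg = tlv(0x30, bytes.fromhex(oid_hex) + tlv(0x05, b""))
    der = tlv(0x30, info + alg + tlv(0x03, b"\x00" + b"\xaa" * 16))
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE REQUEST-----\n{b64}\n-----END CERTIFICATE REQUEST-----\n"

if __name__ == "__main__":
    for oid in ("06092a864886f70d010105", "06092a864886f70d01010b"):
        print(*csr_digest(sample_csr(oid)))
```

A result whose digest is `sha1` indicates the request was signed with the older default and should be regenerated with a stronger digest before submission.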

Required Privilege Level


Output Fields

When you enter this command, you are provided feedback on the status of your request.

Sample Output

request security pki generate-certificate-request

Release Information

Command introduced in Junos OS Release 7.5. Support for digest option added in Junos OS Release 12.1X45-D10.