Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Add a Device Certificate

To add a device certificate:

  1. Select Device Administration > Certificate Management > Device Certificates.
  2. Click the add icon (+).

    The Generate Certificate page appears.

  3. Complete the configuration according to the guidelines provided in Table 1.
  4. Click OK to save the changes. If you want to discard your changes, click Cancel instead.

    If you click OK, a new certificate with the provided configuration is created.

Table 1: Fields on the Generate Certificate Page



Certificate Details

Certificate Type

Select one of the certificate types from the list that you want to generate:

  • Local Self-Signed—Allows for use of SSL-based (Secure Sockets Layer) services without requiring that the user or administrator to undertake the considerable task of obtaining an identity certificate signed by a CA. Self-signed certificates are usually used for internal purpose.

  • Local Certificate—Validates the identity of the security device. A local certificate imports or references an SSL certificate.

CA Profile Name

This option is available for a local certificate.

Select one of the CA profile name from the list or click Create to add a CA Profile. For details on adding a CA profile, see the table in the Adding a Certificate Authority Profile section.

Certificate ID

Enter a unique value for the certificate ID.

Encryption Type

Select one of the types of encryption from the list:

  • RSA Encryption

  • DSA Encryption


    The certificate cannot be used in SSL Proxy profile if it is generated using type DSA.

  • ECDSA Encryption

Key Size

Select one of the key sizes from the list:

  • RSA encryption supports 1024 bits, 2048 bits, or 4096 bits.

  • DSA encryption supports 1024 bits, 2048 bits, or 4096 bits.

  • ECDSA encryption supports 256 bits, 384 bits, or 521 bits.

Subject (Minimum of one field required)

Domain Component

Enter the domain component that you want to be associated with the certificate.

Common Name

Enter a common name with the certificate.

Organizational Unit Name

Enter the organizational unit that you want to be associated with the certificate.

Organizational Name

Enter the organizational name that you want to be associated with this certificate.

Serial Number

Enter a serial number of the device.


Enter the locality name.


Enter the state name.


Enter the country name.

Subject Alt Name

For a local certificate, any one field is mandatory

Domain Name

Enter a Domain Name that you want to associate with the certificate.


Enter a user email address.

IPv4 Address

Enter the IPv4 address of the device.

IPv6 Address

This option is available for a local certificate.

Enter the IPv6 address of the device.



Select the digest from the list:

  • For local Self-signed certificate (RSA/DSA/ECDSA) options are: None, SHA-1 digests, or SHA-256 digests.

  • For local certificate options are:

    • RSA/DSA: None, SHA-1 digests, or SHA-256 digests

    • ECDSA: None, SHA-256 digests, or SHA-384 digests.

Signing Certificate

Enable or disable specifies that the certificate is used to sign other certificates.