Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Create Device Certificate (ACME)

You are here: Device Administration > Certificate Management > Certificates.

To add an ACME certificate:

  1. Click Create available on the upper-right corner of the Certificates page.
  2. Click Device Certificate and select ACME.
    The Create Device Certificate (ACME) page appears.
  3. Complete the configuration according to the guidelines provided in Table 1.
  4. Click OK to save the changes. If you want to discard your changes, click Cancel instead.
    If you click OK, a new CA certificate with the provided configuration is created.
Table 1: Fields on the Create Device Certificate (ACME) page



CA certificate name

Select a CA certificate name from the list or click Add CA certificate to add a CA Certificate. For details on adding a CA certificate, see Add CA Certificate.

Digital signature

Select a digital signature from the list. That is, RSA-1024, RSA-2048, or RSA-4096. By default, RSA-2048 is selected.


Enter a device certificate name.

Contact email

Enter contact email address.

Auto Re-enrollment

Trigger time

Set the auto re-enrollment trigger time (in days). Default is 65 days and maximum trigger time is 85 days.

Re-generate key pair

Enable to automatically generate a new key pair when a device certificate is automatically re-enrolled.

Domain names

Click + to add new domain name that you want to associate with the certificate. This can be an FQDN that resolves to an SRX Series Firewall external IP address. Maximum of domain names allowed is five.