Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Create Device Certificate (CMPv2)

You are here: Device Administration > Certificate Management > Certificates.

To create a CMPv2 device certificate:

  1. Click Create available on the upper-right corner of the Certificates page.
  2. Click Device Certificate and select CMPv2.
    The Create Device Certificate (CMPv2) page appears.
  3. Complete the configuration according to the guidelines provided in Table 1.
  4. Click OK to save the changes. If you want to discard your changes, click Cancel instead.
    If you click OK, a new CA certificate with the provided configuration is created.
Table 1: Fields on the Create Device Certificate (CMPv2) page



CA certificate name

Select a CA certificate name from the list or click Add CA certificate to add a CA Certificate. For details on adding a CA certificate, see Add CA Certificate.

Digital signature

Select a digital signature from the list. That is, RSA, DSA, ECDSA, and so on. By default, RSA-2048 is selected.


Enter a device certificate name.

Enrollment Parameters

CA secret

Enter the out-of-band secret value received from the CA server.

CA reference

Enter the out-of-band reference value received from the CA server.


Enter the distinguished name (DN) of the CA enrolling the EE certificate.


This option is mandatory if the CA certificate is not already enrolled.

If the CA certificate is already enrolled, the subject DN is extracted from the CA certificate.

Auto re-enrollment

Enable this option to request that the issuing CA replace a certificate before its specified expiration date.

Renew trigger time

Set the renew trigger time (in days). Default is 65 days and maximum is 85 days.

Regenerate key pair

Enable this option to automatically generate a new key pair when a device certificate is automatically re-enrolled.

Subject (Minimum of one field required)

Domain component

Enter the domain component that you want to associate with the certificate.

Common name

Enter a common name for the certificate.

Organizational unit name

Enter the name of the organizational unit that you want to associate with the certificate.

Organizational name

Enter the name of the organization that you want to associate with this certificate.

Serial number

Device serial number is autopopulated.


Enter the origin locality name.


Enter the origin state name.


Enter the origin country name.

Subject Alt Name

Domain name

Enter a domain name that you want to associate with the certificate.


Enter an email address of the entity owning the certificate.

IPv4 address

Enter the IPv4 address of the device.

IPv6 address

Enter the IPv6 address of the device.