Create Device Certificate (Let's Encrypt)

You are here: Device Administration > Certificate Management > Certificates.

To create a Let's Encrypt device certificate:

  1. Click Create on the upper-right corner of the Certificates page.
  2. Click Device Certificate and select Let's Encrypt.
    The Create Device Certificate (Let's Encrypt) page appears.
  3. Select I agree to the Let's encrypt subscriber terms and conditions.
  4. Complete the configuration according to the guidelines provided in Table 1.
  5. Click OK to save the changes. If you want to discard your changes, click Cancel instead.
    If you click OK, a new device certificate with the provided configuration is created.

Table 1: Fields on the Create Device Certificate (Let's Encrypt) page

| Field | Description |
|---|---|
| CA certificate name | Select one of the CA certificate names from the list or click Add CA certificate to add a new CA certificate. For details on adding a CA certificate, see Add CA Certificate. |
| Digital signature | Select a digital signature from the list: RSA-1024, RSA-2048, or RSA-4096. By default, RSA-2048 is selected. |
| | Enter a certificate name. |
| Contact email | Enter the contact email address. |
| Auto re-enrollment | |
| Trigger time | Set the auto re-enrollment trigger time (in days). The default is 65 days, and the maximum allowed trigger time is 85 days. |
| Re-generate key pair | Enable this option to automatically generate a new key pair when a device certificate is automatically re-enrolled. |
| Subject Alt Name | |
| Domain names | Click + to add a new domain name that you want to associate with the certificate. This can be an FQDN that resolves to an SRX Series Firewall external IP address. A maximum of five domain names is allowed. |