request security pki local-certificate generate-self-signed (Security)

Syntax

Description

Manually generate a self-signed certificate for the given distinguished name.

Options

certificate-id certificate-id-name—Name of the certificate and the public/private key pair.

domain-name domain-name—Fully qualified domain name (FQDN) provides the identity of the certificate owner for Internet Key Exchange (IKE) negotiations and provides an alternative to the subject name.

subject subject-distinguished-name—Distinguished name format contains the following information:

• DC—Domain component

• CN—Common name

• OU—Organizational unit name

• O—Organization name

• L—Locality

• ST—State

• C—Country

add-ca-constraint—(Optional) Specifies that the certificate can be used to sign other certificates.

digest—(Optional) Hash algorithm used to sign the certificate.

• sha1—SHA-1 digest (default)

• sha256—SHA-256 digest

Starting in Junos OS Release 18.1R3, the default encryption algorithm that is used for validating automatically and manually generated self-signed PKI certificates is Secure Hash Algorithm 256 (SHA-256). Prior to Junos OS Release 18.1R3, SHA-1 is used as default encryption algorithm.

email email-address—(Optional) E-mail address of the certificate holder.

ip-address ipv4-address—(Optional) Static IPv4 address of the device.

ipv6-address ipv6-address—(Optional) Static IPv6 address of the device.

Required Privilege Level

maintenance and security

Output Fields

When you enter this command, you are provided feedback on the status of your request.

Sample Output

Release Information

Command introduced in Junos OS Release 9.1.

Support for digest option added in Junos OS Release 12.1X45-D10.

Support for ipv6-address option added in Junos OS Release 22.1R1.