Create Device Certificate (ACME)

You are here: Device Administration > Certificate Management > Certificates.

To add an ACME certificate:

Click Create available on the upper-right corner of the Certificates page.
Click Device Certificate and select ACME.
The Create Device Certificate (ACME) page appears.
Complete the configuration according to the guidelines provided in Table 1.
Click OK to save the changes. If you want to discard your changes, click Cancel instead.
If you click OK, a new CA certificate with the provided configuration is created.

Table 1: Fields on the Create Device Certificate (ACME) page
Field	Action
CA certificate name	Select a CA certificate name from the list or click Add CA certificate to add a CA Certificate. For details on adding a CA certificate, see Add CA Certificate.
Digital signature	Select a digital signature from the list. That is, RSA-1024, RSA-2048, or RSA-4096. By default, RSA-2048 is selected.
Name	Enter a device certificate name.
Contact email	Enter contact email address.
Auto Re-enrollment
Trigger time	Set the auto re-enrollment trigger time (in days). Default is 65 days and maximum trigger time is 85 days.
Re-generate key pair	Enable to automatically generate a new key pair when a device certificate is automatically re-enrolled.
Domain names	Click + to add new domain name that you want to associate with the certificate. This can be an FQDN that resolves to an SRX Series Firewall external IP address. Maximum of domain names allowed is five.