Create Device Certificate (Let's Encrypt)

You are here: Device Administration > Certificate Management > Certificates.

To create a let's encrypt device certificate:

Click Create available on the upper-right corner of the Certificates page.
Click Device Certificate and select Let's Encrypt.
The Create Device Certificate (Let's Encrypt) page appears.
Select I agree to the Let's encrypt subscriber terms and conditions.
Complete the configuration according to the guidelines provided in Table 1.
Click OK to save the changes. If you want to discard your changes, click Cancel instead.
If you click OK, a new device certificate with the provided configuration is created.

Table 1: Fields on the Create Device Certificate (Let's Encrypt) page
Field	Action
CA certificate name	Select one of the CA certificate names from the list or click Add CA certificate to add a new CA Certificate. For details on adding a CA certificate, see Add CA Certificate.
Digital signature	Select a digital signature from the list. That is, RSA-1024, RSA-2048, or RSA-4096. By default, RSA-2048 is selected.
Name	Enter a certificate name.
Contact email	Enter contact email address.
Auto re-enrollment
Trigger time	Set the auto re-enrollment trigger time (in days). Default is 65 days and maximum trigger time of 85 days is allowed.
Re-generate key pair	Enable this option to automatically generate a new key pair when a device certificate is automatically re-enrolled.
Subject Alt Name
Domain names	Click + to add new domain name that you want to associate with the certificate. This can be an FQDN that resolves to an SRX Series Firewall external IP address. Maximum of domain names allowed is five.