Create and Generate a Self-Signed Certificate

Use this procedure to create new self-signed certificates that can be applied to managed devices. Self-signed certificates (often referred to as root certificates) do not use public or private CAs. A self-signed certificate is a certificate signed by its own creator, with the certificate creator responsible for its legitimacy.

Go to Devices and select the device to which you want to apply the new self-signed certificate.
Select the Certificates tab.

Select the Create Certificate tab and configure the parameters as described in Create Certificate Parameters.

Table 1. Create Certificate Parameters
Parameter	Description
Create Self Signed Certificate
Certificate Name	Enter a name (up to 32-characters) to identify the trustpoint associated with the certificate. A trustpoint represents a CA/identity pair containing the identity of the CA, CA-specific configuration parameters, and an association with an enrolled identity certificate.
SSH RSA Key	Set the key used by both the controller or service platform and the server (or repository) of the target RSA key. Use the drop-down menu to select one of the following options: Generate New — Enter a Name to identify the RSA key. By default, the key size is 2,048 bits. Use Existing — Use the drop-down menu to select a RSA Key Name.
Certificate Subject Name
Certificate Subject Name	Use the drop-down menu to select one of the following options: User Configured — Enter the credentials of the self-signed certificate. Auto Generate — Automatically creates the certificate's subject credentials.
Country (C)	Define the country used in the certificate. This is a required field and must not exceed 2 characters.
State (ST)	Enter the state or province name used in the certificate. This is a required field.
City (L)	Enter a city to represent the city used in the certificate. This is a required field.
Organization (O)	Define the organization represented in the certificate. This is a required field.
Organizational Unit (OU)	Enter the organization unit represented in the certificate. This is a required field.
Common Name (CN)	If there is a common name (IP address) for the organizational unit issuing the certificate, enter it here.
Additional Credentials
Email Address	Provide an email address to be used as the contact address for issues relating to this certificate request. This is a required field.
Domain Name	Enter a fully qualified domain name (FQDN), which is an unambiguous domain name that absolutely specifies the node's position in the DNS tree hierarchy. To distinguish an FQDN from a regular domain name, a trailing period is added, for example, somehost.example.com.. An FQDN differs from a regular domain name by its absoluteness, as a suffix is not added. This is a required field.
IP Address	Specify the IP address used as the destination for certificate requests. Only IPv4 formatted IP addresses are permitted. IPv6 formatted addresses are not permitted. This is a required field.

Select Generate Certificate to generate the certificate.

Note
If you exit Create Certificate configuration without generating the certificate, configured settings will persist, but only until you log out.