Dynamic-PKI social Certificate Authority (CA) systems and methods are provided, which generate and issue certificates at time of device deployment instead of time of manufacture. The provided systems and methods utilize an interface to initiate a Certificate Signing Request (CSR), and which then generates and signs the CSR with a public key. The signed CSR is then securely transmitted to a Certificate Signing Request Processor (CSRP), which undergoes an optional verification process and is then processed to return a signed certificate. The signed certificate is then directly or indirectly provided to the device for provisioning into the network.