Help Center> Cloud Certificate & Manager> FAQs> SSL Certificate Application and Purchase> Domain Name Filling - SCM> What Are the Differences Between the CSR Generated by the System and the CSR Made by Yourself?
View PDF

What Are the Differences Between the CSR Generated by the System and the CSR Made by Yourself?

To obtain an SSL certificate, a Certificate Signing Request (CSR) file needs to be submitted to the CA for review. A CSR contains a public key and a distinguished name (DN). Typically, a CSR is generated by a web server. A pair of public and private keys are created along with the CSR.

When you apply for a certificate, you can set CSR to System generated CSR or Upload a CSR. If you select the latter, copy the file content to the text box. Table 1 describes the differences between two methods to provide the CSR file.

Table 1 Comparisons on CSR files generated by the system or made by yourself

CSR

Description

Differences

System generated CSR

The system automatically generates a certificate private key. Once the certificate is issued, you can download your certificate and private key on the certificate management page.
  • If System generated CSR is selected, there are multiple formats available for download.
  • After you download the certificate, you can directly install and deploy certificate because certificate file server.jks and password file keystorePass.txt are automatically generated for you.

Upload a CSR

You need to manually generate a CSR file and paste the content of the CSR file generated into the text box.

For details, see How Do I Make a CSR File?
  • Certificates with CSR manually generated cannot be pushed to other HUAWEI CLOUD services.
  • If the CSR file is generated manually, HUAWEI CLOUD is not responsible for your private key. Back up your private key and keep it secure. If a private key is lost, the corresponding certificate becomes invalid. HUAWEI CLOUD is not responsible for keeping your private key. You need to buy a new certificate if the private key is lost.
  • After you download the certificate, use the OpenSSL tool to convert certificate format from PEM to PFX to obtain the server.pfx file. Then use the Keytool tool to convert the certificate format from PFX to JKS to obtain certificate file server.jks and password file keystorePass.txt. Then you can install and deploy your certificate.

System generated CSR is recommended, which can avoid certificate approval failures caused by incorrect CSR content.