Step 4: Applying for a Private Certificate

This section describes how to apply for a private certificate.

Each user can apply for a maximum of 100,000 certificates.

Prerequisites

You have created a private CA and activated it.

Procedure

  1. Log in to the management console.
  2. In the navigation pane on the left, click and choose Cloud Certificate Management Service under Security & Compliance. On the displayed CCM homepage, choose CA Management > Private CA.
  3. In the left navigation pane, choose Certificate Manager > Private Certificate to switch to the Private Certificate page.
  4. In the upper left corner of the private certificate list, click Apply for Certificate to switch to the Apply for Certificate page. Configure the application details.

    Figure 1 System generated CSR
    Figure 2 Upload a CSR
    1. Select the CSR file generation method.
      • System generated CSR: The system automatically generates a certificate private key. Once the certificate is issued, you can download your certificate and private key on the certificate management page.
      • Upload a CSR
        1. Manually generate a CSR file and paste the content of the generated CSR file into the text box.
        2. Click Parse.
      • To obtain a certificate, a CSR file needs to be submitted to the CA for review. A CSR contains a public key and a distinguished name (DN). Typically, a CSR is generated by a web server. A pair of public and private keys is created along with the CSR.
      • You are advised to select System generated CSR to avoid approval failure caused by incorrect content.
      • If the CSR file is generated manually, HUAWEI CLOUD is not responsible for keeping your private key. Back up your private key and keep it secure. If a private key is lost, the corresponding certificate becomes invalid, and you need to purchase a new certificate.
      • SCM has strict requirements on the key type and length of the CSR file. The key must be RSA and it must be 2,048 bits long.
    2. Configure certificate details.

      Perform this step only when you select System generated CSR for CSR.

      Common Name: You can customize the name of the private certificate.

    3. Click on the right of Advanced Configuration.
      Perform this step only when you select System generated CSR for CSR.
      • Key Algorithm: Select the key algorithm and key size of the certificate. The value can be RSA2048, RSA4096, EC256, or EC384.
      • Signature Algorithm: Select the signature hash algorithm of the certificate. The value can be SHA256, SHA384, or SHA512.
      • Key Usage: Select the key usage of the certificate.
      • Customized Extension Field: Enter the customized information of the certificate.
      • (Optional) Configure the certificate AltName. You can configure an IP address or a DNS name as the certificate AltName.

        If you select IP address, you need to enter the corresponding IP address. If you select DNS, you need to enter the corresponding domain name.

        A maximum of five AltName records can be configured.

    4. Select a CA.
      • Common Name: Select a created CA.
      • Type: After you select a common name, the system automatically displays the CA type.
      • CA ID: After you select a common name, the system automatically displays the CA ID.
      • Validity Period: Set the validity period of the private certificate.

  5. Confirm the information and click OK.

    After you submit your application, the system returns to the private certificate list page. The message "Certificate xxx applied for successfully." is displayed in the upper right corner of the page, indicating that the private certificate application is successful.
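
For the Upload a CSR option in step 4, the following added example (not part of the original documentation or of HUAWEI CLOUD tooling) generates an RSA 2,048-bit key and CSR locally with the OpenSSL command line, then checks the CSR against the stated key requirement before it is pasted into the text box. It assumes the openssl CLI is installed; the file names and subject values are constructed placeholders.

```shell
#!/bin/sh
# Added example: create a private key and CSR locally, then check the CSR
# against the "RSA, 2,048 bits" requirement before uploading it.

# gen_csr <key_out> <csr_out> <subject> [bits]
# The key is written under umask 077 so only the owner can read it.
# It is stored unencrypted here; back it up to protected storage, because
# the service never sees it and cannot recover it.
gen_csr() {
    ( umask 077
      openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:${4:-2048}" \
          -out "$1" 2>/dev/null ) || return 1
    openssl req -new -sha256 -key "$1" -subj "$3" -out "$2"
}

# check_csr <csr_file>
# Returns 0 only if the CSR's self-signature verifies (the requester holds
# the matching private key) and the public key is RSA with a 2048-bit modulus.
check_csr() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || {
        echo "CSR self-signature does not verify" >&2; return 1; }
    csr_text=$(openssl req -in "$1" -noout -text 2>/dev/null) || return 1
    printf '%s\n' "$csr_text" | grep -q 'Public Key Algorithm: rsaEncryption' || {
        echo "CSR key is not RSA" >&2; return 1; }
    printf '%s\n' "$csr_text" | grep -q 'Public-Key: (2048 bit)' || {
        echo "CSR key is not 2048 bits" >&2; return 1; }
    return 0
}

# Typical use (constructed subject and file names):
#   gen_csr device01.key device01.csr "/CN=device01.example.internal/O=Example Org"
#   check_csr device01.csr && cat device01.csr   # paste this PEM text into the console
```

Only the CSR (the `BEGIN CERTIFICATE REQUEST` block) is pasted into the console; the key file stays on the machine that generated it.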

Follow-Up Procedure

After applying for a private certificate, you can download the private certificate. For details, see Downloading a Private Certificate.