Activating a Private CA
A subordinate private CA must be activated after it is created. A subordinate private CA takes effect and can be used to issue private certificates only after it is activated.
This topic describes how to activate a subordinate CA. You can use either an internal private CA or external private CA to activate the subordinate CA.
- Internal private CA: Use a private CA in CCM to activate a subordinate CA.
- External private CA: Use a private CA from a third party to activate a subordinate CA.
Prerequisites
- You have created a subordinate private CA. For details, see Creating a Private CA.
- The subordinate CA is in the Pending activation state.
Activating a Subordinate Private CA with an Internal Private CA
- Log in to the management console.
- Locate the row of the subordinate CA and click Activate in the Operation column. In the Install CA Certificate and Activate CA page, configure the required parameters.
- Configure Issued From.
Select Internal private CA.
- Configure the required parameters.
Table 1 Parameters Parameter
Description
Common Name
Indicates the name of the CA. The CA can be a root CA or a subordinate CA.
After you select the CA, the system automatically displays the type and ID of the CA.
Signature Algorithm
Indicates the signature algorithm. The values can be:
- SHA256
- SHA384
- SHA512
Validity Period
Indicates the validity period of a private CA. The longest period is 20 years.
Path Length
The path length of the subordinate CA. The path length controls how many layers of subordinate CAs the current subordinate CA can issue. (The last layer of the certificate chain is a private certificate).
NOTE:A certificate chain is made up of root CAs, subordinate CAs, and private certificates in a fixed sequence to validate the trust of a certificate at a lower layer.
- Configure Issued From.
- Confirm the configuration and click OK.
Activating a Subordinate Private CA with a Third-Party Private CA
- Log in to the management console.
- Locate the row of the subordinate CA and click Activate in the Operation column. In the Install CA Certificate and Activate CA page, configure the required parameters.
- Configure Issued From. Select External private CA.
- Export the CSR.
In the CA CSR pane, click Export File.
The PEM CSR is exported to a file and is signed by a parent CA.
- Use the external CA to issue a certificate.
Use your private CA to issue a certificate for the subordinate private CA you want to activate.
- Import the certificate.
Import the certificate and certificate chain in the Import the Certificate Issued by an External CA pane.
Table 2 Parameter descriptions Parameter
Description
Certificate
Open the PEM file in the certificate to be uploaded as a text file with the extension .pem and copy the certificate content to this text box.
Certificate Chain
Open the PEM file in the certificate to be uploaded as a text file with the extension .pem and copy the certificate chain to this text box.
- Confirm the configuration and click OK.
If the status of the subordinate CA changes to Activated, the subordinate CA has been activated.
Follow-up Procedure
After a subordinate CA is activated, it can be used to issue private certificates. For details about how to apply for a private certificate, see Applying for a Private Certificate.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.