Application Method 3: Applying Through Dual Certificates

Context

Dual certificates refer to the signature certificate and encryption certificate, which are used to establish TLS connections.

Procedure

Choose System > About > Certificate Authority Service from the main menu.
Choose Certificate Application > Certificate Application from the navigation tree on the left.

On the Apply by Dual-Certificate tab page, enter certificate application information.

For detailed parameter descriptions, see Table 1.

**Table 1** Dual-certificate parameters
Parameter		Description	Value
Associated CA		Associated CA used to apply for a certificate from the CA.	N/A
Applicant		You can customize the name of a applicant to distinguish different applicants.	N/A
Signature certificate	Signature certificate profile	Signature certificate profile, which is used to issue the signature certificate.	N/A
Signature certificate	CSR file	Certificate signing request.	The certificate chain file to be uploaded must be in .csr, .txt, or .req format. Only one file can be uploaded and the file size cannot exceed 100 KB. The certificate file name is a string of 1 to 256 characters containing Chinese characters, digits, letters, underscores (_), and hyphens (-), spaces, dots (.) and round brackets. It cannot start with a dots (.) or space. The subject information in the CSR file must be different from that of the associated CA. Otherwise, certificate application fails.
Encryption certificate	Subject info is consistent with signature certificate's info	If this option is selected, the subject information is the same as that of the signature certificate. If this option is not selected, you need to enter the subject information configured in the profile after selecting an encryption certificate profile.	N/A
Encryption certificate	Encryption certificate profile	Encryption certificate profile used to issue the encryption certification.	Only the profile of a certificate with the End entity level can be selected.

Click Submit.

Related Tasks

Viewing a certificate
On the PKI Management > Certificate page, click the SN of a certificate to view the certificate details.

A certificate will be automatically deleted 30 days after it expires. If the number of certificates issued by the Certificate Authority Service exceeds 80% of the maximum number supported by the Certificate Authority Service, all expired certificates are automatically deleted.
Updating a certificate
On the PKI Management > Certificate page, click Update in the Operation column of a certificate to update it. After the certificate is updated, you can choose whether to download the certificate to the local computer.

The certificate obtained by using CMP, privacy CA protocol or uploading the CSR file cannot be updated.
Searching for a certificate
On the PKI Management > Certificate page, enter the subject name of the certificate in the search box for a search. You can also specify the SN, validity period, revocation reason, issuer or status of the certificate in Advanced Search. The Certificate Authority Service supports fuzzy search by subject name, SN, validity period or issuer.

On the Certificate Application > Application List page, enter the applicant, CA name, subject or submitted time of the certificate in the search box for a search. The Certificate Authority Service supports fuzzy search by applicant, CA name, subject or submitted time.
Revoking a certificate
On the PKI Management > Certificate page, click Revoke in the Operation column of a certificate to revoke it.

Only certificates whose revocation reason is "Certificate is on hold" can have their revocation canceled. Certificates revoked for other reasons can no longer be trusted.
Canceling certificate revocation
On the PKI Management > Certificate page, click Undo Revoke in the Operation column of a certificate to cancel its revocation.
Downloading a certificate
- On the Certificate Application > Application List page, click Download Certificate in the Operation column of a certificate to download it to the local computer.
  - When downloading a certificate that is requested by entering basic information or using dual certificates, you need to enter a password. The password is a string of 8 to 32 characters containing at least three of the following: digits, uppercase letters, lowercase letters, and special characters. In addition, the password cannot contain two or more of the same characters consecutively.
  - Only successfully obtained certificates can be downloaded.
- On the PKI Management > Certificate page, click Download in the Operation column of a certificate, enter the file name and password, and download the certificate to the local computer.
  - The file name is a string of 1 to 20 characters containing uppercase letters, lowercase letters, digits, hyphens (-), and underscores (_).
  - When downloading a certificate that is requested by entering basic information or using dual certificates, you need to enter a password. The password is a string of 8 to 32 characters containing at least three of the following: digits, uppercase letters, lowercase letters, and special characters. In addition, the password cannot contain two or more of the same characters consecutively.

Parent topic: Applying for a Certificate

Previous topic: Application Method 2: Uploading a File

Next topic: Configuring a CRL Server

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot