Downloading a Private Certificate

Before using a private certificate, you need to download it. Only downloaded certificate can be assigned to the corresponding certificate subject so that they can install and use the certificate.

This topic describes how to download a private certificate. Only certificates in the Issued state can be downloaded.

Prerequisites

Your private certificate is in the Issued state. For details, see Applying for a Private Certificate.

Procedure

Log in to the management console.
Click in the upper left corner of the page and choose Security & Compliance > Cloud Certificate Management Service. In the navigation pane on the left, choose Private Certificate Management > Private Certificate. The Private Certificate page is displayed.
Locate the row of the desired private certificate and click Download in the Operation column.

Figure 1 Downloading a private certificate
Click the target tab based on your server type and click Download Certificate.
PCA will use the download tool provided by the browser to download the private certificate to the specified local directory.

Installing a Private Certificate

A private certificate must be installed on the corresponding server. The installation procedure for private certificates is the same as that for SSL certificates. You can refer to Table 1.

**Table 1** Example for installing an SSL certificate
Server Type	Operation
Tomcat	Installing an SSL Certificate on a Tomcat Server
Nginx	Installing an SSL Certificate on an Nginx Server
Apache	Installing an SSL Certificate on an Apache Server
IIS	Installing an SSL Certificate on an IIS Server
WebLogic	Installing an SSL Certificate on a WebLogic Server
Resin	Installing an SSL Certificate on a Resin Server

Description of Downloaded Certificate Files

The downloaded certificate files vary depending on the CSR file type (System generated CSR or Upload a CSR) configured when you apply for a private certificate.

System generated CSR

Table 2 describes the downloaded files.

**Table 2** Description of downloaded files (1)
Server Type	Files in the Package
Tomcat	keystorePass.txt: certificate password server.jks: certificate file
Nginx	server.crt: certificate files, containing the server certificate and certificate chain server.key: certificate private key file
Apache	chain.crt: certificate chain file server.crt: certificate file server.key: certificate private key file
IIS	keystorePass.txt: certificate password server.pfx: certificate file
Others	chain.pem: certificate chain file server.key: certificate private key file server.pem: certificate file

Upload a CSR

Table 3 describes the downloaded files.

**Table 3** Description of downloaded files (2)
Server Type	Files in the Package
Tomcat	server.crt: certificate file chain.crt: certificate chain file
Nginx	server.crt: certificate file
Apache	server.crt: certificate file chain.crt: certificate chain file
IIS	server.crt: certificate file chain.crt: certificate chain file
Others	cert.pem: certificate file chain.pem: certificate chain file