Help Center/ Cloud Certificate & Manager/ SSL Certificate Manager (SCM) User Guide/ Installing/Deploying an SSL Certificate/ Installing/Deploying an SSL Certificate on the Server/ Installing an SSL Certificate on a Web Server/ Downloading an SSL Certificate
Updated on 2025-12-29 GMT+08:00
View PDF
Share

Downloading an SSL Certificate

After an SSL certificate is issued, you can install it on a web server. You need to download the SSL certificate first. Then, upload the downloaded certificate to the web server and modify the server configuration for the SSL certificate to take effect.

This topic describes how to download an SSL certificate on the SCM platform.

Prerequisites

The certificate is in the Issued or Hosted status.

Constraints

  • A certificate can only be downloaded when it is in its validity period.
  • If you select System generated CSR for CSR, the downloaded file package contains folders Apache, IIS, Nginx, and Tomcat and file domain.csr.
  • If you select Upload a CSR for CSR, the downloaded file package contains only file server.pem. The file contains two segments of certificate code, namely, the server certificate and intermediate CA certificate. Huawei Cloud SCM does not store your private keys. Keep them properly, so keep them safe.

Procedure

  1. Log in to the CCM console.
  2. In the navigation pane on the left, choose SSL Certificate Manager > SSL Certificates.
  3. In the Operation column of the row containing the desired certificate, click Download.

    Figure 1 Downloading a certificate

  4. On the certificate details page, confirm the certificate information and click Download.
  5. Install the certificate on the corresponding server for the SSL certificate to work.

    The procedure for installing an SSL certificate varies depending on the web server. The following describes how to install an SSL certificate on mainstream web servers.

Description of Downloaded Certificate Files

Different types of certificate files can be downloaded depending on if you select System generated CSR or Upload a CSR when you applied for the certificate.

  • System generated CSR
    The downloaded certificate package contains Apache, IIS, Nginx, and Tomcat folders as well as the domain.csr file. See Table 1 for details. Figure 2 shows an example.
    Figure 2 Decompressing an SSL certificate package
    Table 1 Description of files/folders in the downloaded certificate

    File/Folder Name

    Content

    Tomcat

    keystorePass.txt: certificate password

    server.jks: certificate file

    Nginx

    server.crt: certificate file, which contains two segments of certificate code (server certificate and intermediate CA certificate respectively)

    server.key: certificate's private key file, which contains a segment of private key code of the certificate

    Apache

    ca.crt: certificate chain file, which contains a segment of intermediate CA code.

    server.crt: certificate file, which contains a segment of server certificate code

    server.key: certificate's private key file, which contains a segment of private key code of the certificate

    IIS

    keystorePass.txt: certificate password

    server.pfx: certificate file

    domain.csr

    Certificate signing request.
  • Upload a CSR

    The downloaded certificate package contains only the server.pem file. The file contains two segments of certificate code, namely, the server certificate and intermediate CA certificate.

    Huawei Cloud SCM does not store your private keys. Keep them properly, so keep them safe. When installing the certificate on a server, you will need to provide the file path to the location of your private keys.

    If you select Upload a CSR for CSR, the certificates cannot be directly deployed in other cloud services.