Activating a Private CA

Prerequisites

• You have created a subordinate private CA. For details, see Creating a Private CA.
• The subordinate CA is in the Pending activation state.

Activating a Subordinate Private CA with an Internal Private CA

1. Log in to the management console.
2. Click in the upper left corner of the page and choose Security & Compliance > Cloud Certificate Management Service. In the navigation pane on the left, choose Private Certificate Management > Private Certificate. The Private Certificate page is displayed.
3. Locate the row of the subordinate CA and click Activate in the Operation column. On the Install CA Certificate and Activate CA page, configure the required parameters.
   Figure 1 Using an internal private CA
   
   1. Configure Issued From.

      Select Internal private CA.

   2. Configure the required parameters.

      Table 1 Parameters

      Parameter	Description
      Common Name	Indicates the name of the CA. The CA can be a root CA or a subordinate CA. After you select the CA, the system automatically displays the type and ID of the CA.
      Signature Algorithm	Indicates the signature algorithm. The values can be: SHA256 SHA384 SHA512
      Validity Period	Indicates the validity period of a private CA. The longest period is 20 years.
      Path Length	The path length of the subordinate CA. The path length controls how many layers of subordinate CAs the current subordinate CA can issue. (The last layer of the certificate chain is a private certificate). NOTE: A certificate chain is made up of root CAs, subordinate CAs, and private certificates in a fixed sequence to validate the trust of a certificate at a lower layer.

4. Confirm the configuration and click OK.

Activating a Subordinate Private CA with a Third-Party Private CA

1. Log in to the management console.
2. Click in the upper left corner of the page and choose Security & Compliance > Cloud Certificate Management Service. In the navigation pane on the left, choose Private Certificate Management > Private Certificate. The Private Certificate page is displayed.
3. Locate the row of the subordinate CA and click Activate in the Operation column. In the Install CA Certificate and Activate CA page, configure the required parameters.
   
   
   1. Configure Issued From. Select External private CA.
   2. Export the CSR.

      In the CA CSR pane, click Export File.

      The PEM CSR is exported to a file and is signed by a parent CA.

   3. Use the external CA to issue a certificate.

      Use your private CA to issue a certificate for the subordinate private CA you want to activate.

   4. Import the certificate.

      Import the certificate and certificate chain in the Import the Certificate Issued by an External CA pane.

      Table 2 Parameter descriptions

      Parameter	Description
      Certificate	Open the PEM file in the certificate to be uploaded as a text file with the extension .pem and copy the certificate content to this text box.
      Certificate Chain	Open the PEM file in the certificate to be uploaded as a text file with the extension .pem and copy the certificate chain to this text box.

4. Confirm the configuration and click OK.

   If the status of the subordinate CA changes to Activated, the subordinate CA has been activated.

Follow-up Procedure

After a subordinate CA is activated, it can be used to issue private certificates. For details about how to apply for a private certificate, see Applying for a Private Certificate.