Downloading an SSL Certificate
After an SSL certificate is issued, you need to download it. Then, you can install it on your web server and modify server configuration to let the SSL certificate work.
This topic describes how to download an SSL certificate on the SCM platform.
Prerequisites
The certificate is in the Issued or Hosted status.
Constraints
- A certificate can only be downloaded when it is in its validity period.
- If you select System generated CSR for CSR, the downloaded file package contains folders Apache, IIS, Nginx, and Tomcat and file domain.csr.
- If you select Upload a CSR for CSR, the downloaded file package contains only file server.pem. The file contains two segments of certificate code, namely, the server certificate and intermediate CA certificate. Huawei Cloud SCM does not store your private keys. Keep them properly, so keep them safe.
Procedure
- Log in to the management console.
- Click
in the upper left corner of the page and choose . - In the navigation pane on the left, choose SSL Certificate Manager > SSL Certificates.
- In the Operation column of the row containing the desired certificate, click Download.
Figure 1 Downloading a certificate
- In the Operation column, click Download to download the certificate you need.
- Install the certificate on the corresponding server for the SSL certificate to work.
The procedure for installing an SSL certificate varies depending on the web server. The following describes how to install an SSL certificate on mainstream web servers.
- Tomcat server: Installing an SSL Certificate on a Tomcat Server
- Nginx server: Installing an SSL Certificate on an Nginx Server
- Apache server: Installing an SSL Certificate on an Apache Server
- IIS server: Installing an SSL Certificate on an IIS Server
- WebLogic server: Installing an SSL Certificate on a WebLogic Server
Description of Downloaded Certificate Files
Different types of certificate files can be downloaded depending on if you select System generated CSR or Upload a CSR when you applied for the certificate.
- System generated CSR
The downloaded certificate package contains Apache, IIS, Nginx, and Tomcat folders as well as the domain.csr file. See Table 1 for details. Figure 2 shows an example.
Table 1 Description of files/folders in the downloaded certificate File/Folder Name
Content
Tomcat
keystorePass.txt: certificate password
server.jks: certificate file
Nginx
server.crt: certificate file, which contains two segments of certificate code (server certificate and intermediate CA certificate respectively)
server.key: certificate's private key file, which contains a segment of private key code of the certificate
Apache
ca.crt: certificate chain file, which contains a segment of intermediate CA code.
server.crt: certificate file, which contains a segment of server certificate code
server.key: certificate's private key file, which contains a segment of private key code of the certificate
IIS
keystorePass.txt: certificate password
server.pfx: certificate file
domain.csr
Certificate signing request.
- Upload a CSR
The downloaded certificate package contains only the server.pem file. The file contains two segments of certificate code, namely, the server certificate and intermediate CA certificate.
Huawei Cloud SCM does not store your private keys. Keep them properly, so keep them safe. When installing the certificate on a server, you will need to provide the file path to the location of your private keys.
If you select Upload a CSR for CSR, the certificates cannot be directly deployed in other cloud services.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
