Updated on 2022-07-08 GMT+08:00

Managing the Private Certificate Lifecycle

Table 1 describes operations during the private certificate lifecycle management.

Table 1 Private certificate lifecycle management description

Operation

Description

Remarks

Applying for a private certificate

Private certificates are classified into client certificates and server certificates based on the role of an entity in communications. Before applying for a private certificate, ensure that you have created a private CA that can be used to issue certificates.

  • Private certificates are billed by how many certificates you apply for. Once a private certificate is issued, it cannot be refunded.
  • The common name of a private certificate can be duplicate. To distinguish certificates, you can specify a unique name for your private certificates.

Exporting a private certificate

Export a private certificate (including the private key) that has been issued. You can select the certificate format.

Keep the private keys of private certificates secure. If the private key is disclosed, revoke and replace the private certificate in time.

NOTICE:

If any CA certificate in the certificate chain path is permanently deleted, the private certificate cannot be exported.

Revoking a private certificate

You can revoke any private certificate you no longer need for any reason. Revoking private certificates in a timely manner prevents abuse of private certificates.

Certificate abuse may cause security problems.

NOTICE:

If the parent CA does not enable the CRL configuration, the private certificate revocation status cannot be queried. This means a revoked private certificate can still pass the validation.

Deleting a private certificate

You can delete a private certificate anytime.

You can delete a private certificate in any state.

NOTICE:

This operation will immediately delete all information about the private certificate from the database. This operation is irreversible. Exercise caution when performing this operation.