Updated on 2024-09-18 GMT+08:00

Downloading an SSL Certificate

After an SSL certificate is issued, you need to download it. Then, you can install it on your web server and modify server configuration to let the SSL certificate work.

This topic describes how to download an SSL certificate on the SCM platform.

Prerequisites

The certificate is in the Issued or Hosted status.

Constraints

  • A certificate can only be downloaded when it is in its validity period.
  • If you select System generated CSR for CSR, the downloaded file package contains folders Apache, IIS, Nginx, and Tomcat and file domain.csr.
  • If you select Upload a CSR for CSR, the downloaded file package contains only file server.pem. The file contains two segments of certificate code, namely, the server certificate and intermediate CA certificate. Huawei Cloud SCM does not store your private keys. Keep them properly, so keep them safe.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > Cloud Certificate Management Service.
  3. In the navigation pane on the left, choose SSL Certificate Manager > SSL Certificates.
  4. In the Operation column of the row containing the desired certificate, click Download.

    Figure 1 Downloading a certificate

  5. In the Operation column, click Download to download the certificate you need.
  6. Install the certificate on the corresponding server for the SSL certificate to work.

    The procedure for installing an SSL certificate varies depending on the web server. The following describes how to install an SSL certificate on mainstream web servers.

Description of Downloaded Certificate Files

Different types of certificate files can be downloaded depending on if you select System generated CSR or Upload a CSR when you applied for the certificate.

  • System generated CSR
    The downloaded certificate package contains Apache, IIS, Nginx, and Tomcat folders as well as the domain.csr file. See Table 1 for details. Figure 2 shows an example.
    Figure 2 Decompressing an SSL certificate package
    Table 1 Description of files/folders in the downloaded certificate

    File/Folder Name

    Content

    Tomcat

    keystorePass.txt: certificate password

    server.jks: certificate file

    Nginx

    server.crt: certificate file, which contains two segments of certificate code (server certificate and intermediate CA certificate respectively)

    server.key: certificate's private key file, which contains a segment of private key code of the certificate

    Apache

    ca.crt: certificate chain file, which contains a segment of intermediate CA code.

    server.crt: certificate file, which contains a segment of server certificate code

    server.key: certificate's private key file, which contains a segment of private key code of the certificate

    IIS

    keystorePass.txt: certificate password

    server.pfx: certificate file

    domain.csr

    Certificate signing request.

  • Upload a CSR

    The downloaded certificate package contains only the server.pem file. The file contains two segments of certificate code, namely, the server certificate and intermediate CA certificate.

    Huawei Cloud SCM does not store your private keys. Keep them properly, so keep them safe. When installing the certificate on a server, you will need to provide the file path to the location of your private keys.

    If you select Upload a CSR for CSR, the certificates cannot be directly deployed in other cloud services.