Help Center

Key Management Service

Product Description
Billing
Getting Started
User Guide
SDK Reference
Best Practices
FAQs
Related Agreements

Create a Certificate

2025-01-08 02:06:22

This section introduces the steps of creating a key in the console.

Operation Steps

1.       Log in to the KMS console.

2.       In the navigation bar at the top of the page, select the area where the key is located.

3.       In the left navigation bar, click Certificate Management. On the certificate list page, click Create Certificate;

4.       In the Create Certificate dialog box that is displayed, enter the configuration information as prompted.

Configuration Item Description

Parameter

Description

Entity Name (CN)

The   entity name used by the certificate.

Country/Region (C)

Use the two-digit   country code complying with ISO 3166-1, e.g. CN for China.

Province/City (ST)

Name of the province, municipality directly   under the Central Government, autonomous region or special administrative   region.

City (L)

City name.

Company Name (O)

Legal name of an enterprise, unit,   organization or institution.

Department Name (OU)

Department name.

Click the plus sign on   the right to add department names. You can add up to 5 department names.

Email (E)

Email address of the   certificate holder or administrator.

Subject Alias

If the certificate is a   domain validated (DV) certificate, you can add subject aliases to generate a multi-domain   certificate request. You can add up to 10 aliases.

Key Type

Value: RSA_2048

Whether the private key   can be exported

Whether to export the   certificate private key. Value:

Yes: The certificate   private key needs to be exported.

No: The certificate   private key does not need to be exported. You are advised to select No   to use key protection with a higher security level.

 

5.       After completing the certificate information, click Create Certificate. The system will return the certificate ID and certificate request. Click Download Certificate Request, and click OK after downloading.

6.       Download the certificate request file in CSR format, and submit it to the CA to obtain the official certificate and certificate chain.

7.     Import the certificate and certificate chain into the certificate management service. On the certificate list page, locate the target certificate and go to More > Import Certificate;

8.       In the Import Certificate dialog box, input or upload the certificate and certificate chain issued by the CA, and click OK.

9.       After the certificate is imported, its status changes to Enabling. You can use the certificate to perform signature verification.


The previous article -  Overview of Certificate Management
The next article -  Import Keys and Certificates
1e8qbuNIuTtq