All Products
Search
Document Center

Certificate Management Service:Create and manage a certificate application repository

Last Updated:Jun 20, 2024

You can create certificate application repositories to classify certificates from different data sources, including Alibaba Cloud certificates and local certificates. This allows you to manage certificates in a convenient and efficient manner. This topic describes how to create and manage a certificate application repository.

Create a certificate application repository

  1. Log on to the Certificate Management Service console.

  2. In the left-side navigation pane, choose Certificate and Domain Application Services > Certificate Application Repository.

  3. On the Certificate Application Repository page, click Create Repository.

  4. In the Create Repository panel, configure the following parameters and click OK.

    Parameter

    Description

    Repository Name

    Enter a name for the repository.

    Data Source

    Upload Certificate

    You can manage uploaded certificates, including self-signed certificates, certificates issued by third parties, and certificates issued by Alibaba Cloud.

    Uploaded CA Certificates

    You can manage uploaded certificate authority (CA) certificates. A complete certificate chain is required.

    Note

    When you configure an HTTPS listener for an Alibaba Cloud Server Load Balancer (SLB) instance, you can select a CA certificate from this repository. For more information about how to configure an HTTPS listener for an SLB instance, see Create an HTTPS listener for an ALB instance, Create a listener that uses SSL over TCP, and Create an HTTPS listener for a CLB instance.

    Alibaba Cloud Private Certificates

    You can manage Alibaba Cloud private certificates within the current account. An intermediate CA can be associated with only one certificate application repository.

    If you want to encrypt an office automation (OA) approval or other data, you can select an Alibaba Cloud private certificate from this repository and encrypt data by calling a certificate application repository-related API operation. For more information about certificate application repository-related API operations, see Certificate Application Repository.

    Alibaba Cloud Compliant Certificates

    You can manage Alibaba Cloud compliant certificates within the current account. An intermediate CA can be associated with only one certificate application repository.

    If you want to perform an operation such as electronic signature generation or contract signing, you can select a certificate from this repository and perform the operation by calling a certificate application repository-related API operation. For more information about certificate application repository-related API operations, see Certificate Application Repository.

Manage a certificate application repository

  1. Log on to the Certificate Management Service console.

  2. In the left-side navigation pane, choose Certificate and Domain Application Services > Certificate Application Repository.

  3. On the Certificate Application Repository page, find the certificate application repository that you want to manage. The following table describes the operations that you can perform to manage a certificate application repository.

    Operation

    Scenario

    Procedure

    Reset a certificate application repository

    You can reset a certificate application repository in the following scenarios:

    • If you select an incorrect data source when you create or enable a certificate application repository, you can reset the certificate application repository to change the data source.

    • If you no longer require a certificate application repository and want to delete it, you can reset it.

    Important

    After you reset a certificate application repository, it cannot be restored. Proceed with caution.

    1. Click Reset.

    2. In the Tip dialog box, select I understand the risks of the reset operation and confirm the operation. and click Reset.

    Enable a certificate application repository

    You want to use a certificate application repository that is reset.

    1. Click Enabled.

    2. In the Enabled panel, configure the Data Source parameter and click Enabled.

    Delete a certificate application repository

    If you no longer require a certificate application repository, you can delete it.

    Important

    You can delete a certificate application repository only after it is reset.

    1. Click Delete.

    2. In the Confirmation message, click Delete.

    Change the name of a certificate application repository

    If you do not enter a name or enter an incorrect name when you create a certificate application repository, you can change the name of the certificate application repository.

    1. Move the pointer over the name of a certificate application repository and click Modify.

    2. Enter a new name and click Save.

References