Certificate Management Service supports Private Certificate Authority (PCA). PCA allows you to build a CA certificate platform for your enterprise in an efficient manner. This way, you can issue and manage self-signed private certificates within your enterprise. Private certificates are used to authenticate applications and encrypt and decrypt the data of your enterprise.
Scenarios
PCA is suitable for scenarios in which you want to encrypt internal application data by using cryptographic technologies. For example, you can use the cryptographic technology of PCA to implement secure data transmission, data encryption and decryption, and identity authentication for internal applications, such as office automation (OA) and human resources (HR) systems.
Procedure
PCA is a private certificate service that is provided by Alibaba Cloud. You can purchase a private root certificate authority (CA) and a private intermediate CA to build a private certificate platform for your enterprise. This way, you can manage private certificates within your enterprise by using the platform. You can purchase multiple private intermediate CAs for a private root CA based on the organizational structure of your enterprise. This way, you can manage private certificates by department.
Step | Description | References | Cancellation |
1: Purchase a private CA | The first time you create a private CA, you must purchase a private root CA. Then, you can obtain one private root CA and one private intermediate CA. By default, the private root CA provides a quota that allows the private intermediate CA to issue 10 private certificates. | | If a private CA meets refund conditions, you can request a full refund for the private CA. For more information about refund policies and how to request a refund, see Refund policies. After you request a refund for a private CA and the refund is returned, you can remove the private CA from the private CA list. |
2: Enable the private root CA and the private intermediate CA | The first time you enable a private CA, you must enable the private root CA and then the private intermediate CA. When you enable a private root CA, you can set the Enable Mode parameter to Create CA Certificate. In this case, Alibaba Cloud automatically manages the root certificate, which helps save time. If you want to manually manage the certificate, you can set the Enable Mode parameter to Upload CA Certificate and Private Key. | | After you reset a private CA, you can re-enable the private CA. For more information, see Reset a private CA. |
3: Assign a quota on private certificates | The first time you use a private CA, you must assign a quota on private certificates to a private intermediate CA of the private CA. Then, the private intermediate CA can consume the quota to apply for a private certificate. Note: By default, a private root CA provides a quota that allows a private intermediate CA to issue 10 private certificates free of charge. If the quota cannot meet your requirements, you can purchase an additional quota based on your business requirements. For more information, see Purchase a quota on private certificates. | | Not supported. |
4: Apply for a private certificate | Apply for a private certificate from a private intermediate CA that is enabled. A private root CA can issue only private intermediate CAs. Only private intermediate CAs can issue private certificates, including server certificates and client certificates. | | Not supported. If a private certificate is issued, the quota on private certificates is consumed. You cannot request a refund for the consumed quota. |
5: Download and install the private certificate | Download the private certificate and deliver the certificate to a specific user for installation and use. A server certificate must be installed on a server, and a client certificate must be installed on a client browser. | | N/A. |
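
The hierarchy in steps 4 and 5, as an added example that is not part of the original page or of Alibaba Cloud's tooling: it builds a constructed local root, intermediate and server certificate with OpenSSL, then runs the chain and purpose check you would run on a downloaded private certificate before installing it. All file names, subjects and extension sections are assumptions.

```shell
#!/usr/bin/env bash
# Added example. File names, subjects and the temp directory are constructed.
set -eu

# verify_chain ROOT INTERMEDIATE LEAF PURPOSE (sslserver or sslclient).
# Succeeds only if LEAF chains through INTERMEDIATE to ROOT for that purpose.
verify_chain() {
  openssl verify -purpose "$4" -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# Build a throwaway root -> intermediate -> server chain in directory $1,
# mirroring the table: the root signs only the intermediate CA.
build_demo_chain() {
  local d=$1 who
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_root]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_int]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -config "$d/ca.cnf" -extensions v3_root \
    -subj "/CN=Demo Private Root CA" -days 30 \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  for who in int server; do
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
      -subj "/CN=demo-$who" -keyout "$d/$who.key" -out "$d/$who.csr" 2>/dev/null
  done
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.cnf" -extensions v3_int -days 30 \
    -out "$d/int.pem" 2>/dev/null
  openssl x509 -req -in "$d/server.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -extfile "$d/ca.cnf" -extensions v3_server -days 30 \
    -out "$d/server.pem" 2>/dev/null
}

demo=$(mktemp -d)
build_demo_chain "$demo"
verify_chain "$demo/root.pem" "$demo/int.pem" "$demo/server.pem" sslserver \
  && echo "server certificate chains to the private root"
verify_chain "$demo/root.pem" "$demo/int.pem" "$demo/server.pem" sslclient \
  || echo "rejected for client use (serverAuth only)"
```

For a certificate downloaded from the console, call `verify_chain` with your own root, intermediate and leaf PEM files in place of the constructed ones.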