All Products
Document Center

Quick Experience for Free

Last Updated: Dec 18, 2020

We provide a contract test blockchain for free to help you quickly experience our blockchain service. To apply for your own blockservice, please follow Create a consortium.

Notice: The test contract blockchain is for test only. Do not upload business code or business data.


You have already activated Alibaba Cloud BaaS and logged on to Alibaba Cloud.

Apply for the blockchain

  1. Log on to the Alibaba Cloud BaaS console. Click Overview under Ant Blockchain in the left navigation pane.

  2. Click Try for Free, then fill the pop-up list to apply for the certificates.111

  3. We provide Automatic/Manual ways to generate the certificate. It is recommended to use a safe and convenient automatic generation method.112

    • If you choose Automatically Generated, the following steps need to be completed.

      • Fill in the application information and click Apply.
      • Download private key and certificate.

        Notice: There is only one chance to download the private key.


      • Click Create Account, choose Automatically, and then fill in the application information, click Apply.accountaccount

      • Download public-private key pairs.

        Notice: There is only one chance to download the private key.


    • If you choose Manually Generated, the following steps need to be completed.

  4. Click the more button the top right of the test blockchain to download certificates, development components or reset certificates. You can refer to Development Guides for more information about application

Locally generate certificate and public-private key pair

Use OpenSSL

Note: You do not need to manually install OpenSSL on a macOS system.

Install OpenSSL

Install OpenSSL on the Windows operating system as follows:

  1. Go to OpenSSL download page (English), find version 1.0.2o (recommended), and download the installation package. Or, you can click the following download link:

  2. Open the command line tool and go to the bin directory of the OpenSSL installation path.

  3. Prepare the environment variables and enter set OPENSSL_CONF=openssl.cfg on the command line.

Generate certificate requests

Generate private keys and certificate requests by using OpenSSL.

Note: You must remember the password of the private key and save the private key file properly.

  1. openssl req -newkey rsa:2048 -keyout key_pkcs10.pem -out csr.pem Generatinga 2048 bit RSA private key .........................................+++ ..................................+++ writingnew private key to 'key_pkcs10.pem' EnterPEM pass phrase: Verifying- Enter PEM pass phrase: -----

While this command is being executed, you are required to enter the following information:

  • Country name (2-letter code): Use the International Standards Organization (ISO) format and enter the 2-letter country code. For example, enter CN for China.

  • State or province name (full name): The province. For example, Zhejiang.

  • Locality name (for example, city): The city. For example, Hangzhou.

  • Organization name (for example, company): The organizational unit. For example, Pinyin of a company name.

  • Organizational unit name (for example, section): For example, IT Dept.

  • Common name (for example, domain name of your website): The domain name of the website encrypted with SSL.

    This is a domain name that uses SSL certificate. For example, Different URLs are defined here as different website domain names. For example:,, and are identified as three different website domain names. The website domain name here must be the same as the SMTP/POP3 server name set by the mail client software.

  • Email address: Optional, the email address.

  • Challenge password: Optional.

  • Optional company name: Optional.

Use local key service

For your convenience, the BaaS platform provides a Java version of local key service.

Start local key service

  1. The Java runtime environment must be version 1.7 or later.

  2. Download the key generation tool. Click here to download.

  3. Run the command java -jar baas-crypto-tool-1.0.0.jar --server.port=8080 to start the key service.

Generate certificate requests

After you start the key service, in the browser, enter http://localhost:8080/api/crypto/generateTlsKey? algo=rsa&isPkcs8=true&password=${password} to generate the file. Unzip the file to obtain client.csr and client.key. client.key is used to connect to the blockchain, and client.csr needs to be signed by the BaaS platform.

Note: Replace ${password} in the link with your own password.

Generate public and private key pairs

After you start the key service, in the browser, enter http://localhost:8080/api/crypto/generateUserKey? algo=ec&isPkcs8=true&password=${password} to generate the file. Unzip the file to obtain user.key and pub.txt. user.key is the private key of the user, and pub.txt is the public key of the user.

You can run this command twice to generate two public private key pairs. One is the key pair of the account and the other one is the recovery key pair.