After you create a private certificate authority (CA), you must enable it so that the private CA can issue private certificates. This topic describes how to enable a private CA.
- Log on to the SSL Certificates Service console.
- In the left-side navigation pane, click Private Certificates.
- On the Private Certificates page, find the private CA that you want to enable and that is in the Disabled state, and then click Enable in the Actions column.
- In the CA Information panel, configure the information about the private CA. The following table describes the related parameters.
Parameter Description Organization (O) The name of the organization that you want to associate with the private CA.
Example: Alibaba Cloud Computing Co., Ltd.
Organizational Unit (OU) The name of the organizational unit that you want to associate with the private CA.
Example: IT department
Common Name (CN) The common name or abbreviation of the organization that you want to associate with the private CA.
Example: Alibaba Cloud
Country/Region (C) The country or region where the organization is located.
Province (S) The province where the organization is located.
City (L) The city where the organization is located.
Private Key Algorithm The private key algorithm that the private CA uses.Supported private key algorithms vary based on the value of Certificate Algorithm that you select when you purchase the Private Certificate Authority (PCA) service. The following rules describe supported private key algorithms for different certificate algorithms that the private CA uses:
- If the certificate algorithm is RSA, private key algorithms such as RSA_1024, RSA_2048, and RSA_4096 are available.
- If the certificate algorithm is SM (Chinese Cryptographic Algorithm), private key algorithms such as SM2_256, SM2_384, and SM2_512 are available.
- If the certificate algorithm is ECC, private key algorithms such as ECC_256, ECC_384, and ECC_512 are available.
Validity Period The validity period of the private CA. Valid values: 5Year(s), 10Year(s), 15Year(s), and 20Year(s).
- Click Confirm and Enable. After you enable your private CA, the value in the Status column for the private CA changes to Enabled.
What to do next
Apply for a private certificate: After you enable a private root CA and then a private intermediate CA, you can apply for a private certificate from the enabled private intermediate CA.
Revoke a private CA: Before a private CA expires, if you no longer want to use the private CA, you can revoke it.