After you create a private certificate authority (CA), you must enable it so that the private CA can issue private certificates. This topic describes how to enable a private CA.

Prerequisites

A private CA is created. For more information about related operations, see Create a private CA.

Background information

If you enable the private CA for the first time, you must enable the private root CA and then enable the private intermediate CA. If the private root CA is enabled, you can enable the private intermediate CA that is subordinate to the private root CA.

Procedure

  1. Log on to the SSL Certificates Service console.
  2. In the left-side navigation pane, click Private Certificates.
  3. On the Private Certificates page, find the private CA that you want to enable and that is in the Disabled state, and then click Enable in the Actions column.
  4. In the CA Information panel, configure the information about the private CA. Enable a CA
    The following table describes the related parameters.
    Parameter Description
    Organization (O) The name of the organization that you want to associate with the private CA.

    Example: Alibaba Cloud Computing Co., Ltd.

    Organizational Unit (OU) The name of the organizational unit that you want to associate with the private CA.

    Example: IT department

    Common Name (CN) The common name or abbreviation of the organization that you want to associate with the private CA.

    Example: Alibaba Cloud

    Country/Region (C) The country or region where the organization is located.

    Example: China

    Province (S) The province where the organization is located.

    Example: Zhejiang

    City (L) The city where the organization is located.

    Example: Hangzhou

    Private Key Algorithm The private key algorithm that the private CA uses.
    Supported private key algorithms vary based on the value of Certificate Algorithm that you select when you purchase the Private Certificate Authority (PCA) service. The following rules describe supported private key algorithms for different certificate algorithms that the private CA uses:
    • If the certificate algorithm is RSA, private key algorithms such as RSA_1024, RSA_2048, and RSA_4096 are available.
    • If the certificate algorithm is SM (Chinese Cryptographic Algorithm), private key algorithms such as SM2_256, SM2_384, and SM2_512 are available.
    • If the certificate algorithm is ECC, private key algorithms such as ECC_256, ECC_384, and ECC_512 are available.
    Validity Period The validity period of the private CA. Valid values: 5Year(s), 10Year(s), 15Year(s), and 20Year(s).
  5. Click Confirm and Enable.
    After you enable your private CA, the value in the Status column for the private CA changes to Enabled.

What to do next

Apply for a private certificate: After you enable a private root CA and then a private intermediate CA, you can apply for a private certificate from the enabled private intermediate CA.

Related operations

Revoke a private CA: Before a private CA expires, if you no longer want to use the private CA, you can revoke it.