You can use the certificate signing request (CSR) generator provided by Certificate Management Service to generate CSRs and private key files based on the Rivest-Shamir-Adleman (RSA), elliptic-curve cryptography (ECC), or ShangMi 2 (SM2) algorithm. You can also upload existing CSRs to Certificate Management Service for centralized management. The SM2 algorithm is developed and approved by the State Cryptography Administration of China. When you apply for a certificate, you can use an existing CSR.

Create a CSR

  1. Log on to the SSL Certificates Service console.
  2. On the SSL Certificates page, click the Manage CSRs tab.
  3. Click Create CSR.
  4. In the CSR Generator panel, configure the parameters.
    Parameter: Description

    CSR Name: Enter a name for the CSR.

      You can enter letters, digits, underscores (_), and hyphens (-). The name can be up to 50 characters in length.

    Domains: Enter the domain name for which you want to apply for a certificate.

      Notice: You can enter only one domain name. If you want to apply for the same certificate for multiple domain names, you can enter one domain name in this field and enter other domain names in the SANs field.

      If you want to use the CSR to apply for a certificate, the value of Domains to Bind that you specify when you apply for the certificate must contain the domain name that you specify for this parameter.

      For example, if you set Domains to aliyundoc.com, the value of Domains to Bind that you specify when you apply for a certificate must contain aliyundoc.com.

    SANs: Enter other domain names that share the same certificate with the domain name specified by Domains. If you enter multiple domain names, separate them with commas (,).

      For example, if you want to apply for a certificate for the domain names www.aliyundoc.com, example.aliyundoc.com, and test.aliyundoc.com, you can set Domains to www.aliyundoc.com, and set SANs to example.aliyundoc.com,test.aliyundoc.com.

    Contact: Specify the contact for the certificate that you want to apply for. The information includes the name and phone number of a contact.

      If you have not created a contact, you can click Create Contact to create one. Certificate Management Service saves the created contact for you to use next time. For more information about how to create a contact, see Create a contact.

    Company: Specify the company profile for the certificate that you want to apply for. The information includes the name and phone number of a company.

      If you have not created a company profile, you can click Create Company Profile to create one. Certificate Management Service saves the created company profile for you to use next time. For more information about how to create a company profile, see Create a company profile.

    Encryption Algorithm: Select the type of the key algorithm that you want to use. Valid values:
      • RSA: The RSA algorithm is an asymmetric algorithm that is widely used and provides high compatibility.
      • ECC: The ECC algorithm is a public key encryption algorithm based on elliptic curves. Compared with the RSA algorithm, the ECC algorithm is more advanced and secure. The ECC algorithm provides faster encryption and higher efficiency at lower server resource consumption. The ECC algorithm is promoted among mainstream browsers.
      • SM2: The SM2 algorithm is developed and approved by the State Cryptography Administration of China based on the ECC algorithm. The SM2 algorithm is used to replace the RSA algorithm in Chinese commercial cryptography systems.

    Encryption Strength: Select the encryption strength that you want to use.

      If you set Encryption Algorithm to RSA, you can select 2048, 3072, or 4096.

      If you set Encryption Algorithm to ECC, you can select p256, p384, or p512.

      If you set Encryption Algorithm to SM2, the value is fixed as 256.

  5. Click Generate CSR.
    After you complete the preceding operations, you can view the created CSR in the CSR list.

    When you apply for a certificate, you can set CSR Generation to Select Existing CSR and select a CSR from the drop-down list. For more information, see Required information for certificate application.

Upload a CSR

If you want to use a CSR that is not created in the Certificate Management Service console when you apply for a certificate, you can upload existing CSRs in advance. This also helps you manage your CSRs in a centralized manner.

  1. Log on to the SSL Certificates Service console.
  2. On the SSL Certificates page, click the Manage CSRs tab.
  3. Click Upload CSR.
  4. In the Upload CSR panel, configure the parameters.
    Parameter: Description

    CSR Name: Enter a name for the CSR.

      You can enter letters, digits, underscores (_), and hyphens (-). The name can be up to 50 characters in length.

    CSR File: Enter the content of the CSR file.

      You can use one of the following methods to enter the content.
      • Method 1: Use a text editor to open the CSR file. Then, copy the content to the CSR File field.
      • Method 2: Click Upload below the CSR File field. Then, select the CSR file from your computer to upload the content of the file.

    Private Key Content: Enter the content of the PEM-encoded private key file.

      You can use one of the following methods to enter the content.
      • Method 1: Use a text editor to open the private key file in the KEY format. Then, copy the content to the Private Key Content field.
      • Method 2: Click Upload below the Private Key Content field. Then, select the private key file from your computer to upload the content of the file.

  5. Click OK.
    After you complete the preceding operations, you can view the uploaded CSR in the CSR list.

    When you apply for a certificate, you can set CSR Generation to Select Existing CSR and select a CSR from the drop-down list.
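
A local counterpart to the Create CSR fields and a pre-check for the Upload CSR panel, as an added example that is not part of the original documentation: it generates an ECC P-256 key and CSR with OpenSSL from the page's sample domain names, then confirms that the CSR and private key belong together before they go into CSR File and Private Key Content. The function names, the server.key and server.csr file names, and OpenSSL 1.1.1 or later are assumptions.

```shell
#!/bin/sh
# Added example: create a CSR locally, then pre-check it for the Upload CSR panel.
# Domain names are the page's samples; file and function names are assumptions.

# make_csr DIR DOMAIN SANS: ECC P-256 key and CSR. SANS is the comma-separated
# list as typed into the SANs field. Runs in a subshell, so IFS/umask stay local.
make_csr() (
  ext="subjectAltName=DNS:$2"   # assumption: primary domain is also listed as a SAN
  set -f                        # keep wildcard names from being glob-expanded
  IFS=', '
  for name in $3; do ext="$ext,DNS:$name"; done
  umask 077                     # private key readable by its owner only
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
    -out "$1/server.key" &&
  openssl req -new -key "$1/server.key" -subj "/CN=$2" \
    -addext "$ext" -out "$1/server.csr"
)

# csr_matches_key CSR KEY: succeeds only if the CSR's self-signature verifies
# and the CSR carries the public key that belongs to KEY.
csr_matches_key() (
  openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || exit 1
  csr_pub=$(openssl req -in "$1" -noout -pubkey) || exit 1
  key_pub=$(openssl pkey -in "$2" -pubout) || exit 1
  [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
)

# csr_dns_names CSR: sorted, comma-joined SAN entries, for comparison with the
# Domains to Bind value of the certificate application.
csr_dns_names() {
  openssl req -in "$1" -noout -text | tr ',' '\n' |
    sed -n 's/^ *DNS:\([^ ]*\).*$/\1/p' | LC_ALL=C sort | paste -sd, -
}

# valid_csr_name NAME: letters, digits, underscores, hyphens, up to 50 characters
# (rejecting an empty name is an assumption).
valid_csr_name() (
  LC_ALL=C
  [ -n "$1" ] && [ "${#1}" -le 50 ] || exit 1
  case $1 in *[!A-Za-z0-9_-]*) exit 1 ;; esac
)

# Demo with constructed input in a temporary directory.
d=$(mktemp -d)
make_csr "$d" www.aliyundoc.com "example.aliyundoc.com,test.aliyundoc.com" &&
  csr_matches_key "$d/server.csr" "$d/server.key" &&
  valid_csr_name "aliyundoc_web-01" && csr_dns_names "$d/server.csr"
rm -rf "$d"
```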

Obtain the content and private key of a CSR

You can view the details about a CSR to obtain the content and private key of a created or uploaded CSR.

  1. Log on to the SSL Certificates Service console.
  2. On the SSL Certificates page, click the Manage CSRs tab.
  3. Find a CSR and click Details in the Actions column.
  4. In the Details panel, click View CSR Content and Private Key.
  5. In the Note message, click OK.
    You can view the content and private key of the CSR in the lower part of the Details panel. You can also click Copy to copy the content or private key.

Delete a CSR

If you no longer require a CSR, you can delete it.
Notice: If you use a CSR when you apply for a certificate and the certificate is not issued, do not delete the CSR. Otherwise, the certificate may fail to be issued. The CSR cannot be restored after it is deleted. Proceed with caution.
  1. Log on to the SSL Certificates Service console.
  2. On the SSL Certificates page, click the Manage CSRs tab.
  3. Find a CSR and click Delete in the Actions column.
  4. In the Confirmation message, click Confirm.