Private Certificate Authority (PCA) allows you to build a private certificate platform within your enterprise by performing visualized operations. PCA helps you implement application identity authentication and data encryption and decryption within your enterprise. Certificate Management Service offers a 30-day free trial of PCA. This topic describes how to apply for a free trial of PCA.


You can apply for a free trial of PCA only by using an Alibaba Cloud account that has not been used to purchase a private CA.

Apply for a free trial

  1. Log on to the SSL Certificates Service console.
  2. In the left-side navigation pane, click Private Certificates.
  3. On the Private CAs tab, click Start Free Trial.
  4. In the Free Trial panel, select an encryption algorithm for private certificates and click OK.
    The following encryption algorithms are supported:
    • RSA: The RSA algorithm is an asymmetric algorithm that is widely used in the world and provides high compatibility. This is the default value.
    • ECC: The ECC algorithm is an encryption algorithm based on elliptic curves.

      Compared with the RSA algorithm, the ECC algorithm is more advanced and secure. The ECC algorithm provides faster encryption and higher efficiency at lower server resource consumption. The ECC algorithm is promoted among mainstream browsers.

    • SM2: The SM2 algorithm is developed and approved by the State Cryptography Administration of China based on the ECC algorithm. The SM2 algorithm is used to replace the RSA algorithm in Chinese commercial cryptography systems.
  5. In the Tip message, click OK.
    After you apply for a free trial, Certificate Management Service automatically creates a private root CA and a private intermediate CA. The private root CA has a quota that allows the private intermediate CA to issue 10 private certificates.

You can use the private root CA and private intermediate CA to build a private certificate platform within your enterprise. For more information, see Purchase and enable a private CA.

What do I do after the free trial expires?

The private root CA and private intermediate CA that are created in the free trial are valid for 30 days. After the 30 days, you can no longer use the private root CA and private intermediate CA, and all private certificates that are issued by the private intermediate CA also become invalid. If you want to continue using PCA, you must renew the private root CA.