Certificate Management Service supports Private Certificate Authority (PCA). PCA allows you to build a private certificate platform for your enterprise in an efficient manner. Then, you can issue and manage self-signed private certificates within your enterprise. Private certificates are used to authenticate applications and encrypt and decrypt the data of your enterprise.
Limits
PCA is available only in the Germany (Frankfurt) region. If you use PCA, the data of your private certificates is stored on servers in the Germany (Frankfurt) region.
Scenarios
PCA is suitable for the scenarios in which you need to encrypt internal application data by using cryptographic technologies. In these scenarios, regulatory requirements and industry standards are not involved. The cryptographic technology of PCA enables secure data transmission, data encryption and decryption, and identity authentication between internal applications. These applications include internal office automation (OA) and human resources (HR) systems.
Procedure
PCA is a private certificate service that is provided by Alibaba Cloud. You can purchase a private root certificate authority (CA) and a private intermediate CA to build a private certificate platform for your enterprise. This way, you can manage private certificates within your enterprise by using the platform. You can purchase multiple private intermediate CAs for a private root CA based on the organizational structure of your enterprise. This way, you can manage private certificates by department.
Step | Description | References | Cancellation |
1 | The first time you create a private CA, you must purchase a private root CA. Then, you can obtain one private root CA and one private intermediate CA. By default, the private root CA provides a quota that allows the private intermediate CA to issue 10 private certificates. | For more information about how to request a refund, see Request a refund. After you request a refund for a private CA and the refund is returned, you can remove the private CA from the private CA list. | |
2 | Enable the private CA. The first time you enable a private CA, you must enable the private root CA and then the private intermediate CA. When you enable a private root CA, you can set Enable Mode to Create CA Certificate. Then, Alibaba Cloud manages the root certificate, which helps save time. You can also set Enable Mode to Upload CA Certificate and Private Key and manage the certificate by yourself. | If a private CA is in the Enabled state, you can revoke the private CA. After the private CA is revoked, you can remove the private CA from the private CA list. For more information, see Revoke a private CA. Important If an enabled private root CA or private intermediate CA is reset within seven calendar days after you place an order, you can request a refund for the order. For more information about how to reset a private CA, see Reset a private CA. | |
3 | Assign the quota on private certificates. The first time you use a private intermediate CA, you must assign the quota on private certificates. Then, you can apply for private certificates from the private intermediate CA. | Not supported. | |
4 | Apply for a private certificate from the private intermediate CA that is enabled. A private root CA can issue only private intermediate CAs. Only private intermediate CAs can issue private certificates, including server certificates and client certificates. | If a private certificate is normal, you can revoke the private certificate. After the private certificate is revoked, you can remove the private certificate from the private certificate list. For more information, see Revoke a private certificate. | |
5 | Download and send the private certificate to users for installation. A server certificate must be installed on a server, and a client certificate must be installed on a client browser. | N/A. |