After the Private Certificate Authority (PCA) service expires, you must renew your private CA in the SSL Certificates Service console to extend the service life. Then, you can continue to use the private CA to issue and manage private certificates. This topic describes how to renew a private CA.


A private CA is created. For more information about how to create a private CA, see Create a private CA.


  1. Log on to the SSL Certificates Service console.
  2. In the left-side navigation pane, click Private Certificates.
  3. On the Private Certificates page, find the private CA that you want to renew and click Renew in the Actions column.
    The private CA that you need to renew varies based on how you create the private CA. The following description provides specific instructions.
    • If the private root CA and the private intermediate CA are created together, you only need to renew the private root CA. The service life of both the private root CA and the private intermediate CA are extended.
    • If the private intermediate CA is separately created, you must separately renew the private intermediate CA. Only the service life of this private intermediate CA is extended.
  4. On the Renew page, confirm the information in the Current Config section, select a value for Service Duration to Purchase, select Terms of Service, and then click Buy Now.
  5. Confirm your order and complete the payment.
    After you complete the payment, you can log on to the SSL Certificates Service console and go to the Private Certificates page. On the Certificate Details page of the private CA, you can find that the value of Expire On is updated to the expiration time after the renewal.