If you have issued SSL certificates that are purchased from a third-party certificate service provider and you want to manage all your certificates by using Certificate Management Service, you can upload the SSL certificates to the Certificate Management Service console. This topic describes how to upload a certificate to the Certificate Management Service console.

Prerequisites

The following files are prepared for the certificate that you want to upload:
  • A PEM-encoded certificate authority (CA) certificate file in the PEM or CRT format
  • A PEM-encoded private key file in the KEY format

Usage notes

After you upload a certificate to the Certificate Management Service console, you cannot download the certificate. This helps ensure the data security of your certificate.

Procedure

  1. Log on to the SSL Certificates Service console.
  2. If the Chinese Mainland region is displayed, switch the region to the Outside Chinese Mainland region in the top navigation bar.
    You cannot upload certificates to the Chinese Mainland region. Switch the region
  3. On the SSL Certificates page, click the Manage Uploaded Certificates tab. Then, click Upload Certificate.
  4. In the Upload Certificate panel, configure the parameters. Upload Certificate
    The parameters that you must configure when you set Certificate Algorithm to Internationally Accepted Algorithm are different from the parameters that you must configure when you set Certificate Algorithm to SM2 Algorithm.The following tables describe the parameters.
    • Internationally Accepted Algorithm
      Parameter Description
      Certificate Algorithm Select Internationally Accepted Algorithm. This type of algorithm is released by the National Security Agency (NSA) of the United States. The Certificate Management Service console supports the RSA algorithm, which is an asymmetric cryptography algorithm.
      Certificate Name Enter a name for the certificate that you want to upload.

      The name can contain letters, digits, underscores (_), and hyphens (-).

      Certificate File Enter the content of the PEM-encoded CA certificate file.

      You can use one of the following methods to enter the content. Method 1: Use a text editor to open the CA certificate file in the PEM or CRT format. Then, copy the content to the Certificate File field. Method 2: Click Upload below the Certificate File field. Then, select the CA certificate file from your computer to upload the content of the file.

      Certificate Key Enter the content of the PEM-encoded private key file.

      You can use one of the following methods to enter the content. Method 1: Use a text editor to open the private key file in the KEY format. Then, copy the content to the Certificate Key field. Method 2: Click Upload below the Certificate Key field. Then, select the private key file from your computer to upload the content of the file.

    • SM2 Algorithm
      Parameter Description
      Certificate Algorithm Select SM2 Algorithm. This type of algorithm is released by the State Cryptography Administration (SCA) of China. The Certificate Management Service console supports the SM2 algorithm, which is an asymmetric cryptography algorithm.
      Certificate Name Enter a name for the certificate that you want to upload.

      The name can contain letters, digits, underscores (_), and hyphens (-).

      Certificate File Enter the content of the PEM-encoded CA certificate file of the signing certificate that you want to upload.

      You can use one of the following methods to enter the content. Method 1: Use a text editor to open the CA certificate file in the PEM or CRT format. Then, copy the content to the Certificate File field. Method 2: Click Upload below the Certificate File field. Then, select the CA certificate file from your computer to upload the content of the file.

      Certificate Key Enter the content of the PEM-encoded private key file of the signing certificate that you want to upload.

      You can use one of the following methods to enter the content. Method 1: Use a text editor to open the private key file in the KEY format. Then, copy the content to the Certificate Key field. Method 2: Click Upload below the Certificate Key field. Then, select the private key file from your computer to upload the content of the file.

      Encryption Certificate Enter the content of the PEM-encoded CA certificate file of the encryption certificate that you want to upload.

      You can use one of the following methods to enter the content. Method 1: Use a text editor to open the CA certificate file in the PEM or CRT format. Then, copy the content to the Certificate File field. Method 2: Click Upload below the Certificate File field. Then, select the CA certificate file from your computer to upload the content of the file.

      Encryption Private Key Enter the content of the PEM-encoded private key file of the encryption certificate that you want to upload.

      You can use one of the following methods to enter the content. Method 1: Use a text editor to open the private key file in the KEY format. Then, copy the content to the Certificate Key field. Method 2: Click Upload below the Certificate Key field. Then, select the private key file from your computer to upload the content of the file.

    Notice In the Certificate Management Service console, you can upload only PEM-encoded CA certificate files and private key files. If your CA certificate files or private key files are not PEM-encoded, you must convert the files to PEM-encoded files before you can upload the files. For more information about how to convert files, see Certificate format conversion. If you cannot convert a CA certificate file or private key file to a PEM-encoded file, you can use a text editor or programming tool to open the CA certificate file or private key file, and then copy and paste the content of the file to the Upload Certificate panel.
  5. Click OK.
    After the certificate is uploaded, you can view the certificate in the certificate list.

What to do next

  • Manually renew an uploaded certificate

    When an uploaded certificate is due to expire, you can manually renew the certificate in the Certificate Management Service console. For more information, see Manually renew an SSL certificate.

  • Delete an uploaded certificate
    If you do not want to manage an uploaded certificate in the Certificate Management Service console, you can find the certificate and click Delete in the Actions column to delete the certificate.
    Notice After a certificate is deleted, the certificate is removed from the list of uploaded certificates. The validity period of the certificate is not affected. A deleted certificate cannot be restored. Proceed with caution when you delete a certificate.