If you have SSL certificates that you purchased from and issued by a third-party certification service provider, you can upload your certificates to the SSL Certificates Service console. Then, you can deploy your certificates to Alibaba Cloud services and manage all your certificates in a centralized manner. This topic describes how to upload a certificate to the SSL Certificates Service console.

Prerequisites

The following files are prepared for the certificate that you want to upload:
  • A PEM-encoded certificate authority (CA) certificate file in the PEM or CRT format
  • A PEM-encoded private key file in the KEY format

Usage notes

After you upload a certificate to the SSL Certificates Service console, you cannot download the certificate. This helps ensure the data security of your certificate.

Procedure

  1. Log on to the SSL Certificates Service console.
  2. On the Overview page, click Upload Certificate above the certificate list.
  3. In the Upload Certificate dialog box, configure the parameters. Upload certificates
    The parameters that you must configure when you set Certificate Algorithm to Internationally Accepted Algorithm are different from the parameters that you must configure when you set Certificate Algorithm to SM2 Algorithm.The following table describes the parameters.
    • Internationally Accepted Algorithm
      Parameter Description
      Certificate Algorithm Select the algorithm type of the certificate that you want to upload.

      Select Internationally Accepted Algorithm. This type of algorithm is released by the National Security Agency (NSA) of the United States. The SSL Certificates Service console supports the RSA algorithm, which is an asymmetric cryptography algorithm.

      Certificate Name Enter a name for the certificate that you want to upload.

      The name can contain letters, digits, underscores (_), and hyphens (-).

      Certificate File Enter the content of the PEM-encoded CA certificate file.

      You can use one of the following methods to enter the content. Method 1: Use a text editor to open the CA certificate file in the PEM or CRT format. Then, copy the content to the Certificate File field. Method 2: Click Upload below the Certificate File field. Then, select the CA certificate file from your computer to upload the content of the file.

      Certificate Key Enter the content of the PEM-encoded private key file.

      You can use one of the following methods to enter the content. Method 1: Use a text editor to open the private key certificate file in the KEY format. Then, copy the content to the Certificate Key field. Method 2: Click Upload below the Certificate Key field. Then, select the private key file from your computer to upload the content of the file.

    • SM2 Algorithm
      Parameter Description
      Certificate Algorithm Select the algorithm type of the certificate that you want to upload.

      Select SM2 Algorithm. This type of algorithm is released by the State Cryptography Administration (SCA) of China. The SSL Certificates Service console supports the SM2 algorithm, which is an asymmetric cryptography algorithm.

      Certificate Name Enter a name for the certificate that you want to upload.

      The name can contain letters, digits, underscores (_), and hyphens (-).

      Certificate File Enter the content of the PEM-encoded CA certificate file of the signing certificate that you want to upload.

      You can use one of the following methods to enter the content. Method 1: Use a text editor to open the CA certificate file in the PEM or CRT format. Then, copy the content to the Certificate File field. Method 2: Click Upload below the Certificate File field. Then, select the CA certificate file from your computer to upload the content of the file.

      Certificate Key Enter the content of the PEM-encoded private key file of the signing certificate that you want to upload.

      You can use one of the following methods to enter the content. Method 1: Use a text editor to open the private key file in the KEY format. Then, copy the content to the Certificate Key field. Method 2: Click Upload below the Certificate Key field. Then, select the private key file from your computer to upload the content of the file.

      Encrypted Certificate Enter the content of the PEM-encoded encrypted CA certificate file of the encryption certificate that you want to upload.

      You can use one of the following methods to enter the content. Method 1: Use a text editor to open the CA certificate file in the PEM or CRT format. Then, copy the content to the Certificate File field. Method 2: Click Upload below the Certificate File field. Then, select the CA certificate file from your computer to upload the content of the file.

      Encrypted Private Key Enter the content of the PEM-encoded encrypted private key file of the encryption certificate that you want to upload.

      You can use one of the following methods to enter the content. Method 1: Use a text editor to open the private key file in the KEY format. Then, copy the content to the Certificate Key field. Method 2: Click Upload below the Certificate Key field. Then, select the private key file from your computer to upload the content of the file.

    Notice In the SSL Certificates Service console, you can upload only PEM-encoded CA certificate files and private key files. If your CA certificate files or private key files are not PEM-encoded, you must convert the files to PEM-encoded files before you can upload the files. For more information about how to convert files, see Certificate format conversion. If you cannot convert a CA certificate file to a PEM-encoded file, you can convert the CA certificate file to a TXT file. You can also use a programming tool to open the CA certificate file. Then, copy and paste the content of the file in the Upload Certificate dialog box.
  4. Click OK.
    After the certificate is uploaded, you can view the certificate in the certificate list.

What to do next

You can deploy the certificate that you upload to Alibaba Cloud services. For more information, see Deploy certificates to Alibaba Cloud services.