The certificate application repository is a centralized store for certificates from multiple sources — including local uploads and Alibaba Cloud-issued certificates. Beyond storage and management, it exposes an API for cryptographic operations (sign, verify, encrypt, and decrypt), so you can secure electronic contracts, invoices, and approval workflows.
What you can do
| Use case | Description | Get started |
|---|---|---|
| Manage certificates from multiple sources | Store and manage certificates from the following sources through the console or API:
| Manage certificates in a certificate application repository |
| Enable HTTPS mutual authentication for Alibaba Cloud services | Upload local CA certificates to the repository and select them in the target cloud service. For Alibaba Cloud private CA certificates, the system pulls them from all Alibaba Cloud regions automatically. | Manage certificates in a certificate application repository |
| Sign and verify signatures | Call the certificate application repository API to sign or verify signatures for electronic contracts, electronic invoicing, and OA approvals. | Certificate Repository Signing, Certificate Repository Signature Verification |
| Encrypt and decrypt sensitive data | Call the certificate application repository API to encrypt or decrypt data. Supported algorithms include RSA and SM2. | Certificate encryption in the certificate repository, Certificate decryption in the repository |
Billing
When you first create a certificate application repository, Alibaba Cloud provides 100 free API calls. These calls are consumed by signing, signature verification, encryption, and decryption operations. To purchase additional calls, see Purchase a certificate application repository API call package.