You can create certificate application repositories to classify certificates from different data sources, including Alibaba Cloud certificates and local certificates. You can also use certificates in certificate application repositories to sign contracts or encrypt data. This topic describes how to create and manage a certificate application repository.
Create a certificate application repository
Log on to the Certificate Management Service console.
In the left-side navigation pane, choose .
On the Certificate Application Repository page, click Create Repository.
In the Create Repository panel, configure the following parameters and click OK.
Parameter: Repository Name
Description: The name of the repository.

Parameter: Data Source
Description:

Uploaded Certificates
Suitable scenarios:
You can manage uploaded certificates, including self-signed certificates, certificates issued by third parties, and certificates issued by Alibaba Cloud.
You can use uploaded certificates to sign, encrypt, or decrypt data.

Uploaded CA Certificates
Suitable scenarios:
You can manage uploaded certificate authority (CA) certificates that include complete certificate chains.
You can enable mutual authentication for Alibaba Cloud services. For example, you can configure mutual authentication for a Server Load Balancer (SLB) instance and Anti-DDoS Proxy.
Note: For more information about how to configure an HTTPS listener for an SLB instance, see Create an HTTPS listener for an ALB instance, Add a TCP/SSL listener, and Create an HTTPS listener for a CLB instance.
For more information about how to use Anti-DDoS Proxy to deploy mutual authentication, see Use Anti-DDoS Proxy to deploy mutual authentication.

Alibaba Cloud Private CA
Suitable scenarios:
You can manage Alibaba Cloud private CA certificates in all regions within the current account.
You can enable mutual authentication for Alibaba Cloud services. For example, you can configure mutual authentication for an SLB instance and Anti-DDoS Proxy.
Note: For more information about how to configure an HTTPS listener for an SLB instance, see Create an HTTPS listener for an ALB instance, Add a TCP/SSL listener, and Create an HTTPS listener for a CLB instance.
For more information about how to use Anti-DDoS Proxy to deploy mutual authentication, see Use Anti-DDoS Proxy to deploy mutual authentication.

Alibaba Cloud Private Certificates
Not supported on the international website (alibabacloud.com)
Suitable scenarios:
You can manage Alibaba Cloud private certificates within the current account.
You can select an Alibaba Cloud private certificate from this repository to encrypt data such as an office automation (OA) approval. After you create a certificate application repository, you can encrypt data by calling a certificate application repository-related API operation.
Note: An intermediate CA can be associated with only one certificate application repository.

Alibaba Cloud Compliant Certificates
Not supported on the international website (alibabacloud.com)
Suitable scenarios:
You can manage Alibaba Cloud compliant certificates within the current account.
You can perform an operation such as electronic signature generation or contract signing. You must select Sign Contract for Scenario. In this case, you can create a free compliant CA and apply for compliant certificates by using the CA.
After you apply for a compliant certificate, you can call a certificate application repository-related API operation for contract signing.
Note: An intermediate CA can be associated with only one certificate application repository.
Manage a certificate application repository
Log on to the Certificate Management Service console.
In the left-side navigation pane, choose .
On the Certificate Application Repository page, find the certificate application repository that you want to manage. The following table describes the operations that you can perform.
Operation: Reset a certificate application repository
Scenario: You can reset a certificate application repository in the following scenarios:
If you select an incorrect data source when you create or enable a certificate application repository, you can reset the certificate application repository to change the data source.
If you no longer require a certificate application repository and want to delete it, you can reset it.
Important: After you reset a certificate application repository, it cannot be restored. Proceed with caution.
Procedure:
Click Reset.
In the Tip dialog box, select "I understand the risks of the reset operation and confirm the operation." and click Reset.

Operation: Enable a certificate application repository
Scenario: You want to use a certificate application repository that has been reset.
Procedure:
Click Enabled.
In the Enabled panel, configure the Data Source parameter and click Enabled.

Operation: Delete a certificate application repository
Scenario: If you no longer require a certificate application repository, you can delete it.
Important: You can delete a certificate application repository only after it is reset.
Procedure:
Click Delete.
In the Confirmation message, click Delete.

Operation: Change the name of a certificate application repository
Scenario: If you do not enter a name or enter an incorrect name when you create a certificate application repository, you can change the name of the certificate application repository.
Procedure:
Move the pointer over the name of a certificate application repository and click Modify.
Enter a new name and click Save.