Certificate Management Service:Manually create or upload a CSR

Create a CSR

1. Log on to the Certificate Management Service console.

2. In the left-side navigation pane, choose Certificate Management > SSL Certificate Management.

3. On the CSR Management tab, click Create CSR.

4. In the CSR Generation Tool panel, configure the CSR parameters based on the following table, and click OK.

   Parameter	Description
   CSR Name	Enter a name for the CSR. You can enter letters, digits, underscores (_), hyphens (-), and periods (.). The name can be up to 50 characters in length.
   Domain Name	Enter the domain name for which you want to apply for a certificate. Note You can enter only one domain name. If you want to apply for an SSL certificate for multiple domain names, enter one domain name here and enter the other domain names in the Other Domain Names text box.
   Other Domain Names	Enter other domain names that share the same certificate with the domain name that you specified in the Domain Name field. If you enter multiple domain names, separate them with commas (,). Example: If you want to bind www.aliyundoc.com, example.aliyundoc.com, and test.aliyundoc.com to the same SSL certificate, you can set Domain Name to www.aliyundoc.com and Other Domain Names to example.aliyundoc.com,test.aliyundoc.com.
   Contact	Select the contact information (including name and mobile phone number) of the person who is responsible for certificate management. If you have not created a contact, you can click Create Contact to create one. Certificate Management Service saves the created contact for subsequent use. For more information about how to create a contact, see Manage contacts.
   Company	Select the enterprise information (including name and phone number) for the certificate application. If you have not created company information, you can click Create Company to create company information. Certificate Management Service saves the created company profile for subsequent use. For more information about how to create company information, see Create company information.
   Key Algorithm	Select the type of the key algorithm that you want to use. Valid values: RSA (default): A widely used asymmetric key encryption algorithm with good compatibility. ECC: Elliptic Curve Cryptography. Compared with the RSA algorithm, the ECC algorithm is more advanced and secure. The ECC algorithm provides faster encryption and higher efficiency at lower server resource consumption. The ECC algorithm is promoted among mainstream browsers. SM2: An ECC elliptic curve encryption algorithm released by the State Cryptography Administration of China. This algorithm is suitable for government agencies, public institutions, large state-owned enterprises, and financial banks that need to implement localization transformation and comply with Chinese cryptographic algorithm requirements.
   Key Strength	Select the encryption strength that you want to use. Valid values for the RSA algorithm: 2048, 3072, and 4096. Valid values for the ECC algorithm: p256, p384, and p512. Valid value for the SM2 algorithm: 256.

   When you submit a certificate application later, you can set CSR Generation Method to Select An Existing CSR and select a CSR from the matched CSRs. For more information, see Apply for a certificate.

   

Upload a CSR

If you need to use a CSR that is not created in the Certificate Management Service console when you apply for a certificate, you can upload an existing CSR for certificate application and centralized management.

1. Log on to the Certificate Management Service console.

2. In the left-side navigation pane, choose Certificate Management > SSL Certificate Management.

3. On the CSR Management tab, click Upload CSR.

4. In the Upload CSR panel, enter the CSR file content and private key content, and click OK.

   Parameter	Description
   CSR Name	Enter a name for the CSR. You can enter letters, digits, underscores (_), and hyphens (-). The name can be up to 50 characters in length.
   CSR File Content	Enter the content of the CSR file. You can use a text editor to open the CSR file, copy the content, and paste it into this text box. Alternatively, you can click Upload below the text box and select the CSR file stored on your local computer to upload the file content to the text box.
   Private Key Content	Enter the content of the PEM-encoded private key file. You can use a text editor to open the KEY format private key file of the certificate, copy the content, and paste it into this text box. Alternatively, you can click Upload below the text box and select the private key file stored on your local computer to upload the file content to the text box.

   When you submit a certificate application later, you can set CSR Generation Method to Select An Existing CSR and select a CSR from the matched CSRs. For more information, see Apply for a certificate.