A Certificate Signing Request (CSR) file is the original file of an SSL certificate. It contains information such as the public key for certificate issuance, the certificate holder entity, and geographic location. The CSR must be submitted to a Certificate Authority (CA) for verification. When you create a certificate in Alibaba Cloud, the system automatically generates a CSR. If you need to customize the key algorithm and its strength for your certificate, you can manually create a CSR or upload a locally generated CSR to the console. After a CSR is created, you can directly select an existing CSR when you submit a certificate request. This topic describes how to create or upload a CSR file.
Create a CSR
Log on to the Certificate Management Service console.
In the left-side navigation pane, choose .
On the CSR Management tab, click Create CSR.
In the CSR Generation Tool panel, configure the CSR parameters based on the following table, and click OK.
Parameter
Description
CSR Name
Enter a name for the CSR.
You can enter letters, digits, underscores (_), hyphens (-), and periods (.). The name can be up to 50 characters in length.
Domain Name
Enter the domain name for which you want to apply for a certificate.
NoteYou can enter only one domain name. If you want to apply for an SSL certificate for multiple domain names, enter one domain name here and enter the other domain names in the Other Domain Names text box.
Other Domain Names
Enter other domain names that share the same certificate with the domain name that you specified in the Domain Name field. If you enter multiple domain names, separate them with commas (,).
Example: If you want to bind
www.aliyundoc.com
,example.aliyundoc.com
, andtest.aliyundoc.com
to the same SSL certificate, you can set Domain Name towww.aliyundoc.com
and Other Domain Names toexample.aliyundoc.com,test.aliyundoc.com
.Contact
Select the contact information (including name and mobile phone number) of the person who is responsible for certificate management.
If you have not created a contact, you can click Create Contact to create one. Certificate Management Service saves the created contact for subsequent use. For more information about how to create a contact, see Manage contacts.
Company
Select the enterprise information (including name and phone number) for the certificate application.
If you have not created company information, you can click Create Company to create company information. Certificate Management Service saves the created company profile for subsequent use. For more information about how to create company information, see Create company information.
Key Algorithm
Select the type of the key algorithm that you want to use. Valid values:
RSA (default): A widely used asymmetric key encryption algorithm with good compatibility.
ECC: Elliptic Curve Cryptography. Compared with the RSA algorithm, the ECC algorithm is more advanced and secure. The ECC algorithm provides faster encryption and higher efficiency at lower server resource consumption. The ECC algorithm is promoted among mainstream browsers.
SM2: An ECC elliptic curve encryption algorithm released by the State Cryptography Administration of China. This algorithm is suitable for government agencies, public institutions, large state-owned enterprises, and financial banks that need to implement localization transformation and comply with Chinese cryptographic algorithm requirements.
Key Strength
Select the encryption strength that you want to use.
Valid values for the RSA algorithm: 2048, 3072, and 4096.
Valid values for the ECC algorithm: p256, p384, and p512.
Valid value for the SM2 algorithm: 256.
When you submit a certificate application later, you can set CSR Generation Method to Select An Existing CSR and select a CSR from the matched CSRs. For more information, see Apply for a certificate.
Upload a CSR
If you need to use a CSR that is not created in the Certificate Management Service console when you apply for a certificate, you can upload an existing CSR for certificate application and centralized management.
Log on to the Certificate Management Service console.
In the left-side navigation pane, choose .
On the CSR Management tab, click Upload CSR.
In the Upload CSR panel, enter the CSR file content and private key content, and click OK.
Parameter
Description
CSR Name
Enter a name for the CSR.
You can enter letters, digits, underscores (_), and hyphens (-). The name can be up to 50 characters in length.
CSR File Content
Enter the content of the CSR file.
You can use a text editor to open the CSR file, copy the content, and paste it into this text box. Alternatively, you can click Upload below the text box and select the CSR file stored on your local computer to upload the file content to the text box.
Private Key Content
Enter the content of the PEM-encoded private key file.
You can use a text editor to open the KEY format private key file of the certificate, copy the content, and paste it into this text box. Alternatively, you can click Upload below the text box and select the private key file stored on your local computer to upload the file content to the text box.
When you submit a certificate application later, you can set CSR Generation Method to Select An Existing CSR and select a CSR from the matched CSRs. For more information, see Apply for a certificate.