All Products
Search
Document Center

Certificate Management Service:Manually create or upload a CSR

Last Updated:Apr 22, 2025

A Certificate Signing Request (CSR) file is the original file of an SSL certificate. It contains information such as the public key for certificate issuance, the certificate holder entity, and geographic location. The CSR must be submitted to a Certificate Authority (CA) for verification. When you create a certificate in Alibaba Cloud, the system automatically generates a CSR. If you need to customize the key algorithm and its strength for your certificate, you can manually create a CSR or upload a locally generated CSR to the console. After a CSR is created, you can directly select an existing CSR when you submit a certificate request. This topic describes how to create or upload a CSR file.

Create a CSR

  1. Log on to the Certificate Management Service console.

  2. In the left-side navigation pane, choose Certificate Management > SSL Certificate Management.

  3. On the CSR Management tab, click Create CSR.

  4. In the CSR Generation Tool panel, configure the CSR parameters based on the following table, and click OK.

    Parameter

    Description

    CSR Name

    Enter a name for the CSR.

    You can enter letters, digits, underscores (_), hyphens (-), and periods (.). The name can be up to 50 characters in length.

    Domain Name

    Enter the domain name for which you want to apply for a certificate.

    Note

    You can enter only one domain name. If you want to apply for an SSL certificate for multiple domain names, enter one domain name here and enter the other domain names in the Other Domain Names text box.

    Other Domain Names

    Enter other domain names that share the same certificate with the domain name that you specified in the Domain Name field. If you enter multiple domain names, separate them with commas (,).

    Example: If you want to bind www.aliyundoc.com, example.aliyundoc.com, and test.aliyundoc.com to the same SSL certificate, you can set Domain Name to www.aliyundoc.com and Other Domain Names to example.aliyundoc.com,test.aliyundoc.com.

    Contact

    Select the contact information (including name and mobile phone number) of the person who is responsible for certificate management.

    If you have not created a contact, you can click Create Contact to create one. Certificate Management Service saves the created contact for subsequent use. For more information about how to create a contact, see Manage contacts.

    Company

    Select the enterprise information (including name and phone number) for the certificate application.

    If you have not created company information, you can click Create Company to create company information. Certificate Management Service saves the created company profile for subsequent use. For more information about how to create company information, see Create company information.

    Key Algorithm

    Select the type of the key algorithm that you want to use. Valid values:

    • RSA (default): A widely used asymmetric key encryption algorithm with good compatibility.

    • ECC: Elliptic Curve Cryptography. Compared with the RSA algorithm, the ECC algorithm is more advanced and secure. The ECC algorithm provides faster encryption and higher efficiency at lower server resource consumption. The ECC algorithm is promoted among mainstream browsers.

    • SM2: An ECC elliptic curve encryption algorithm released by the State Cryptography Administration of China. This algorithm is suitable for government agencies, public institutions, large state-owned enterprises, and financial banks that need to implement localization transformation and comply with Chinese cryptographic algorithm requirements.

    Key Strength

    Select the encryption strength that you want to use.

    Valid values for the RSA algorithm: 2048, 3072, and 4096.

    Valid values for the ECC algorithm: p256, p384, and p512.

    Valid value for the SM2 algorithm: 256.

    When you submit a certificate application later, you can set CSR Generation Method to Select An Existing CSR and select a CSR from the matched CSRs. For more information, see Apply for a certificate.

    image

Upload a CSR

If you need to use a CSR that is not created in the Certificate Management Service console when you apply for a certificate, you can upload an existing CSR for certificate application and centralized management.

  1. Log on to the Certificate Management Service console.

  2. In the left-side navigation pane, choose Certificate Management > SSL Certificate Management.

  3. On the CSR Management tab, click Upload CSR.

  4. In the Upload CSR panel, enter the CSR file content and private key content, and click OK.

    Parameter

    Description

    CSR Name

    Enter a name for the CSR.

    You can enter letters, digits, underscores (_), and hyphens (-). The name can be up to 50 characters in length.

    CSR File Content

    Enter the content of the CSR file.

    You can use a text editor to open the CSR file, copy the content, and paste it into this text box. Alternatively, you can click Upload below the text box and select the CSR file stored on your local computer to upload the file content to the text box.

    Private Key Content

    Enter the content of the PEM-encoded private key file.

    You can use a text editor to open the KEY format private key file of the certificate, copy the content, and paste it into this text box. Alternatively, you can click Upload below the text box and select the private key file stored on your local computer to upload the file content to the text box.

    When you submit a certificate application later, you can set CSR Generation Method to Select An Existing CSR and select a CSR from the matched CSRs. For more information, see Apply for a certificate.

    image

More operations

Obtain CSR content and private key

You can perform the following steps to obtain the content and private key of a created or uploaded CSR.

  1. Log on to the Certificate Management Service console.

  2. In the left-side navigation pane, choose Certificate Management > SSL Certificate Management.

  3. On the CSR Management tab, find the CSR that you want to view and click Details in the Actions column.

  4. In the Details panel, click View CSR Content And Private Key Content.

  5. In the Prompt dialog box, click OK.妥善保管CSR、私钥

Delete a CSR

If you no longer require a CSR, you can delete it.

Important

If you use a CSR when you apply for a certificate and the certificate is not issued, do not delete the CSR. Otherwise, the certificate may fail to be issued. The CSR cannot be restored after it is deleted. Proceed with caution.

  1. Log on to the Certificate Management Service console.

  2. In the left-side navigation pane, choose Certificate Management > SSL Certificate Management.

  3. On the CSR Management tab, find the CSR that you want to operate and click Delete in the Actions column.

  4. In the Confirm dialog box, click Confirm And Delete.确认并删除