Upload an SSL certificate or share an SSL certificate among different Alibaba Cloud accounts

If you have multiple Alibaba Cloud accounts and the accounts belong to the same individual or enterprise user who passed real-name verification, Certificate Management Service allows you to share an official certificate or an individual test certificate among the accounts. You can deploy the shared certificates to Alibaba Cloud services free of charge. If you use a certificate that is issued by a third-party service provider, you can click Upload Certificate in the Certificate Management Service console to upload the certificate for centralized management. The issued certificate can use an internationally accepted algorithm or the SM2 algorithm.

Upload a certificate

Before you upload a certificate, prepare the following files:

A PEM-encoded certificate file in the PEM or CRT format and a PEM-encoded private key file in the KEY format. If the certificate is in another format, you can use a tool to convert the certificate to the required format. For more information, see Convert the format of a certificate.
A certificate file and a private key file for your signing certificate, and a certificate file and a private key file for your encryption certificate. The preceding files are required when you upload an SM2 certificate. If you do not know the algorithm of your certificate, you can view the algorithm in the certificate details. For more information, see View information about a certificate.

Note

After you upload a certificate to the Certificate Management Service console, you cannot download the certificate. This helps ensure the data security of your certificate.

Log on to the Certificate Management Service console.
In the left-side navigation pane, choose Manage Certificates > SSL Certificate Management.
On the Manage Uploaded Certificates tab, click Manage Uploaded Certificates.

In the Manage Uploaded Certificates panel, configure the parameters and click OK.

The parameters that you must configure when you set Certificate Algorithm to Internationally Accepted Algorithm are different from the parameters that you must configure when you set Certificate Algorithm to SM2 Algorithm. The following tables describe the parameters.

Internationally Accepted Algorithm

Parameter	Description
Certificate Algorithm	Select Internationally Accepted Algorithm. This type of algorithm is released by the National Security Agency (NSA) of the United States. Certificate Management Service supports the Rivest-Shamir-Adleman (RSA) algorithm, which is an asymmetric cryptography algorithm.
Certificate Name	Enter a name for the certificate that you want to upload. The name can contain letters, digits, periods (.), underscores (_), and hyphens (-).
Certificate File	Enter the content of the PEM-encoded certificate file. You can use one of the following methods to enter the content. Method 1: Use a text editor to open the certificate file in the PEM or CRT format. Then, copy the content to the Certificate File field. Method 2: Click Upload below the Certificate File field. Then, select the certificate file from your computer to upload the content of the file.
Certificate Key	Enter the content of the PEM-encoded private key file. You can use one of the following methods: Manually specify the content: Use a text editor to open the private key file in the KEY format. Then, copy the content to the Certificate Key field. Upload the private key file: Click Upload below the Certificate Key field. Then, select the private key file from your computer to upload the file content to the field. Select an existing CSR: You can select a certificate signing request (CSR) that is created in or uploaded to the Certificate Management Service console. The system automatically matches the CSR of the specified certificate file. For more information about how to manage CSRs, see Manage CSRs. Note If the system reports an error indicating that the certificate and private key do not match after you upload the private key file, the private key file may contain RSA characters. You can run the `openssl rsa -in <Original name of the private key file> -out <New custom name of the private key file>` command to convert the characters and re-upload the file.
Certificate Chain	Optional. Enter the content of the certificate chain file. If the certificate file contains the complete certificate chain, you do not need to configure this parameter. For more information about how to check the integrity of a certificate chain in a certificate file, see How do I troubleshoot the issue that the certificate chain of a website is incomplete? You can use one of the following methods to enter the content. Method 1: Use a text editor to open the certificate chain file. Then, copy the content to the Certificate Chain field. Method 2: Click Upload below the Certificate Chain field. Then, select the certificate chain file from your computer to upload the content of the file.

SM2 Algorithm

Parameter	Description
Certificate Algorithm	Select SM2 Algorithm. This type of algorithm is released by the State Cryptography Administration (SCA) of China. Certificate Management Service supports the SM2 algorithm, which is an asymmetric cryptography algorithm.
Certificate Name	Enter a name for the certificate that you want to upload. The name can contain letters, digits, underscores (_), and hyphens (-).
Certificate File	Enter the content of the PEM-encoded certificate file of the signing certificate that you want to upload. You can use one of the following methods to enter the content. Method 1: Use a text editor to open the certificate file in the PEM or CRT format. Then, copy the content to the Certificate File field. Method 2: Click Upload below the Certificate File field. Then, select the certificate file from your computer to upload the content of the file.
Certificate Key	Enter the content of the PEM-encoded private key file of the signing certificate that you want to upload. You can use one of the following methods to enter the content. Method 1: Use a text editor to open the private key file in the KEY format. Then, copy the content to the Certificate Key field. Method 2: Click Upload below the Certificate Key field. Then, select the private key file from your computer to upload the content of the file.
Encryption Certificate	Enter the content of the PEM-encoded certificate file of the encryption certificate that you want to upload. You can use one of the following methods to enter the content. Method 1: Use a text editor to open the certificate file in the PEM or CRT format. Then, copy the content to the Certificate File field. Method 2: Click Upload below the Certificate File field. Then, select the certificate file from your computer to upload the content of the file.
Encryption Private Key	Enter the content of the PEM-encoded private key file of the encryption certificate that you want to upload. You can use one of the following methods to enter the content. Method 1: Use a text editor to open the private key file in the KEY format. Then, copy the content to the Certificate Key field. Method 2: Click Upload below the Certificate Key field. Then, select the private key file from your computer to upload the content of the file.

After the certificate is uploaded, you can view the certificate in the certificate list. If you do not want to manage an uploaded certificate in the Certificate Management Service console, you can find the certificate and click Delete in the Actions column to delete the certificate. For more information, see Delete a certificate.

Important

After a certificate is deleted, the certificate is removed from the list of uploaded certificates. The validity period of the certificate is not affected. A deleted certificate cannot be restored. Proceed with caution.

Share a certificate

If you have multiple Alibaba Cloud accounts and the accounts belong to the same individual or enterprise user who passed real-name verification, Certificate Management Service allows you to share a certificate among the accounts. After you share a certificate among multiple accounts, you can use one of the accounts to deploy the certificate to Alibaba Cloud services free of charge.

Limits

You cannot share a certificate in the following scenarios:

You cannot share a certificate that is applied for by using an Alibaba Cloud account on the China site (aliyun.com) with an Alibaba Cloud account on the international site (alibabacloud.com). You cannot share a certificate that is applied for by using an Alibaba Cloud account on the international site (alibabacloud.com) with an Alibaba Cloud account on the China site (aliyun.com).
You cannot share a certificate that is shared to the current Alibaba Cloud account with another Alibaba Cloud account. For example, you have Alibaba Cloud accounts A, B, and C. After you use Account A to share a certificate with Account B, you cannot use Account B to share the certificate with Account C.
You cannot share an uploaded certificate.

If you do not meet the conditions for sharing a certificate, you can download a certificate by using the current account and upload the certificate by using another account. For more information, see Download a certificate to your computer and Upload an SSL certificate.

Procedure

Log on to the Certificate Management Service console.
In the left-side navigation pane, choose Manage Certificates > SSL Certificate Management.
On the Official Certificate tab, find the issued certificate that you want to share and go to the Share Certificate panel.
In the Share Certificate panel, set the Account ID parameter to the ID of the Alibaba Cloud account to which you want to share the certificate. Then, click Confirm and Share.
After a certificate is shared, you can log on to the Certificate Management Service console by using the Alibaba Cloud account to which the certificate is shared and go to the Manage Uploaded Certificates tab of the SSL Certificate Management page to view the certificate. The icon is displayed in the Status column of the shared certificate.

References

Enable hosting for an issued certificate or an uploaded certificate by renewing the certificate

Upload an SSL certificate or share an SSL certificate among different Alibaba Cloud accounts - Certificate Management Service (2024)

FAQs

How to upload an SSL certificate? ›

Upload a custom certificate

Log in to the Cloudflare dashboard ↗ and select your account.
Select your application.
Go to SSL/TLS.
In Edge Certificates, select Upload Custom SSL Certificate.
Copy and paste relevant values into SSL Certificate and Private key text areas (or select Paste from file).

More items...

Read On ›

How to share an SSL certificate? ›

After you have added an SSL certificate to your server (such as a signed CA certificate), you must share a copy of public key for that certificate with your partner. One method is to extract the public key from your server certificate and then send it to your partner.

Discover More Details ›

How do I transfer SSL certificate from one server to another? ›

Moving an SSL certificate from one Windows server to another is possible by exporting a PFX file from the server the certificate is already installed on and importing it to another server. Creating a PFX file is the only way to transfer the certificate with the corresponding private key from a Windows server.

What is SSL certificate actually doing? ›

An SSL certificate is a digital certificate that authenticates a website's identity and enables an encrypted connection. SSL stands for Secure Sockets Layer, a security protocol that creates an encrypted link between a web server and a web browser.

See Details ›

How much does an SSL certificate cost? ›

On average, a Secure Sockets Layer (SSL) certificate costs around $60/year. However, the price can vary from $8 to $1000/year, depending on various factors, such as the number of domains one can protect, the validation process, the warranty, or the certificate authority itself.

Find Out More ›

Can I issue my own SSL certificate? ›

Technically, anyone can create their own SSL certificate by generating a public-private key pairing and including all the information mentioned above. Such certificates are called self-signed certificates because the digital signature used, instead of being from a CA, would be the website's own private key.

Tell Me More ›

Is an SSL certificate free? ›

Free SSL Certificates

It's available in two options: Self-Signed Certificates and SSL Certificates signed by a Certificate Authority. Its level of encryption is comparable to paid SSLs. Both free and paid SSL certificates provide 256-bit certificate encryption and 2048-bit key encryption.

Show Me More ›

How can I upload a free SSL certificate? ›

1. Verify Domain and Access hPanel

Perform Domain Verification.
Create a Subdomain.
Choose a Certificate Authority.
Generate a Certificate Signing Request (CSR)
Validate Domain Ownership.
Submit Certificate Signing Request to the Issuing Authority.
Install SSL Certificate.
Renew SSL Certificate.

Explore More ›

Do I need an SSL certificate? ›

To run a successful business website, you need an SSL certificate to prevent traffic interruption. Even if you don't collect any information from your website visitors, your website requires an SSL certificate to prevent customers from getting a pop-up that indicates your website is unsecured.

Can you have 2 SSL certificates on one server? ›

The answer is yes. And there are plenty of websites that do. But before you try to install multiple SSL certificates on one domain there are some things you should know first.

Show Me More ›

Can SSL be transferred? ›

Yes. If you're transferring from another hosting provider to Crazy Domains. Keep in mind that your SSL is the one thing you should not forget to include during the transfer process.

Read The Full Story ›

How do I retrieve an SSL certificate from a server? ›

Using OpenSSL to View SSL Certificate Details

Open Command Prompt. On Windows, open the Command Prompt. ...
Enter OpenSSL Command. openssl x509 -in [CERT-FILENAME] -text -noout. ...
Review Details. Go through the certificate details dumped on your terminal to identify and validate your SSL certificate.

Oct 6, 2023

See Details ›

Why is SSL no longer used? ›

SSL has not been updated since SSL 3.0 in 1996 and is now considered to be deprecated. There are several known vulnerabilities in the SSL protocol, and security experts recommend discontinuing its use. In fact, most modern web browsers no longer support SSL at all.

Get More Info Here ›

What does SSL stand for? ›

SSL: Secure Sockets Layer

SSL is standard technology for securing an internet connection by encrypting data sent between a website and a browser (or between two servers). It prevents hackers from seeing or stealing any information transferred, including personal or financial data.

What happens if you don't have an SSL certificate? ›

Your website needs any SSL certificate If you're asking for any personal information. But that's not all there is to it. Search engines are cracking down on perceived 'non-secure' websites. Any websites without the SSL certificate will remain http while those with encryption will show https in users' browsers.

How to attach an SSL certificate to a website? ›

For most websites, adding HTTPS to your domain usually consists of these steps:

Log in to your web hosting plan.
Choose your SSL certificate.
Activate and install your SSL certificate.
Redirect users to your HTTPS domain.

May 23, 2023

View Details ›

How do I publish an SSL certificate? ›

Go to Admin >>SSL Certificates >> IIS Binding, select the bindings and click Deploy and Bind. To save the specified details and deploy the certificate later, click Save. The server details and the respective site details will be available under Admin >>SSL Certificates >> IIS Binding.

How to manually install an SSL certificate? ›

How To Manually install an SSL Certificate

Step 1: Purchase an SSL Certificate.
Step 2: Configure your SSL Certificate.
Step 3: Generate and upload a CSR.
Step 4: Verify certificate details and click “Proceed.”
Step 5: Allow time for the certificate to validate.

Learn More ›

Upload an SSL certificate or share an SSL certificate among different Alibaba Cloud accounts - Certificate Management Service (2024)

Upload a certificate

Share a certificate

Limits

Procedure

References

FAQs

How to upload an SSL certificate? ›

Can SSL be transferred? ›