Certificate and Private Key
Overview
It is recommended that you use Baidu AI Cloud Certificate Application Service. The certificate successfully applied will be automatically imported to the Certificate Management service in a highly encrypted form. You can use the certificate selection function of different services to select the corresponding certificate to quickly deploy services.
If you added a third-party certificate in Certificate Management, please read the following to ensure that the content and format of the certificate and private key are correct.
Certificate
Before uploading the certificate, the user needs to ensure the certificate format:
The certificate extension is usually ".pem", ".crt" or ".cer". Open the certificate file in a text editor.
- The certificate starts with
----- BEGIN CERTIFICATE -----
and ends with----- END CERTIFICATE -----
; - 64 characters per line, the last line should not exceed 64 characters.
- The certificate content does not contain spaces.
- Certificate needs to be valid (certificate start time <=validity period <=certificate expiration time)
An example of a certificate in PEM format is shown in the figure:
If the certificate is issued by an intermediate CA, the certificate file you receive contains multiple certificates, and the server certificate and the intermediate certificate need to be spliced together and uploaded manually.
- The stitching rules are: Put the server certificate first and the middle certificate second. Separate them with newline characters in the middle. Do not have blank lines.
- Under normal circumstances, when the organization issues a certificate, there will be a corresponding description, please pay attention to the rules description.
The stitching format is as follows:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Private Key
The private key extension is usually ".pem" or ".key". You can open the private key file in a text editor.
- The private key format starts with
----- BEGIN RSA PRIVATE KEY -----
and ends with----- END RSA PRIVATE KEY -----
. - The private key cannot be encrypted, that is, you cannot add a password parameter when executing the command to generate the private key.
- The middle content has 64 characters per line, and the last line can be less than 64 characters.
An example of a private key in PEM format is shown in the figure:
Note:
If your private key is encrypted, such as the beginning and end of the private key are ----- BEGIN PRIVATE KEY -----, ----- END PRIVATE KEY ----- or ---- -BEGIN ENCRYPTED PRIVATE KEY -----, ----- END ENCRYPTED PRIVATE KEY -----, or the private key contains Proc-Type: 4, ENCRYPTED, you need to run the following command to convert:
openssl rsa -in old_server_key.pem -out new_server_key.pem