Private CA scenario
Available in Classic and VPC
NAVER Cloud Platform's Private CA lets you perform every step, from creating (issuing) private CAs and certificates to revoking them. The detailed procedures are in Getting started with Private CA and Using Private CA, but we recommend reviewing the Private CA usage scenario first. Reading the guides after learning the usage scenario will help you use Private CA more smoothly. The overall sequence for using Private CA, and a description of each step, is as follows.
1. Set management permissions
2. Create and manage private CAs
3. Issue private certificate
4. Revoke private certificate
5. Delete private CA
1. Set management permissions
Private CAs and certificates must be managed securely, so it's important to consider how you configure CA and certificate management permissions. In addition to the main user account, you can create sub accounts and set various management and administration permissions for Private CA.
The Sub Account product is provided free of charge upon subscription request. For an introduction on Sub Account and more details about pricing plans, refer to the Service > Management & Governance > Sub Account menu in the NAVER Cloud Platform portal.
You can use sub accounts provided by Sub Account to configure the admin permission and individual user permissions of Private CA. With the admin permission, you can use and manage all the CA resources within Private CA. This permission is set in Sub Account. With the individual user permission, you can only use and manage the CAs assigned to you. This permission is set in Private CA, by clicking the [Manage permissions] button.
Refer to the following guides:
- Manage permissions in Using Private CA
- Sub Account permission management guide
2. Create and manage private CAs
Once you've finished setting management and administration permissions for private CAs and certificates, create a private CA. You can create root CAs and intermediate CAs in Private CA. An intermediate CA can be created by using the Parent CA specification method or the Direct signature method. If you create one with the Direct signature method, you have to register the certificate separately after signing it. You can also separately configure the OCSP feature provided by Private CA for the private CA you created.
Depending on its operation status, a created CA's status can be Activated, Deactivated, Registration pending, Expired, To be destroyed, or Destroyed. Different features are available in each status.
Refer to the following guides:
- Create private CA in Using Private CA
- Manage OCSP in Using Private CA
- CA status in Using Private CA
3. Issue private certificate
You can issue, view, and manage private certificates from a CA you have created. You can also view the list of serial numbers of the private certificates created by each CA, and download the certificates you want as a PEM file to your local PC.
Refer to the following guides:
- Issue private certificate in the Using Private CA guide
4. Revoke private certificate
At the user's request, you can revoke private certificates that have been issued and used. Because the revocation is not caused by the expiration of the certificate's validity period, the certificate is registered in the certificate revocation list (CRL) as soon as it's revoked. The revocation can't be canceled, so proceed with caution.
Refer to the following guides:
- Revoke private certificate in Using Private CA
5. Delete private CA
You can request deletion of a private CA that has been created and is in operation by clicking the [Request deletion] button on the Private CA page. A private CA whose deletion has been requested is automatically deleted 72 hours after the deletion request is received. If you want to delete it immediately instead of waiting 72 hours, click the [Delete now] button, which appears after the deletion request is made.
Both deletion after the 72-hour grace period and immediate deletion include any lower-level CAs and certificates issued by the deleted CA. The certificates' operation and expiration status are not considered. Once the CA is deleted, it can't be recovered, since its private keys are permanently deleted. Decide carefully before proceeding with deletion. The deleted CA is no longer trusted, and none of the certificates it issued can be used for authentication.
Refer to the following guides:
- Request deletion in Using Private CA