Applying to a Third-Party Organization for a Certificate

In commercial scenarios, you need to apply to a third-party organization for a certificate. The procedure is as follows:

  1. Create a private key and a certificate request file for the development environment and for the operating environment.
  2. Submit the certificate request files to the third-party organization.
  3. Obtain the root CA certificate, intermediate CA certificate, and public key certificate from the third-party organization.

    The certificate to be applied for must meet the following requirements:

    • The number of CA certificate levels must range from 2 to 14.
    • The CA certificate must contain the keyUsage field with at least the following information:
      X509v3 Key Usage:
      Certificate Sign
    • Private key: Only RSA private keys are supported, with a length of [3072, 4096]. The private key must be stored encrypted (in ciphertext), and only the AES128 and AES256 encryption algorithms are supported.
    • Hash algorithm for signing: The minimum requirement is SHA256.
    • Certificate issuer name: The maximum length is 180 bytes.
    • CN in the subject information: You are advised to use the device serial number.
    • The certificate and private key must be in PEM format.
    • The certificate must be an X.509 V3 digital certificate.
    • The public key certificate must contain the following X509v3 extension:
      X509v3 Subject Alternative Name:
      IP Address:10.XX.XX.XX

      10.XX.XX.XX indicates the IP addresses of the development environment and operating environment.

    • Certificate expiration time: For security purposes, you are advised to set the validity period to 365 days.
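
Step 1 for one environment, as an added example that is not part of the original documentation: it creates an AES-256-encrypted RSA 3072 key and a SHA256-signed request whose CN is the device serial number and whose requested Subject Alternative Name is the environment IP, then checks the request before submission. The function names, file names, the KEY_PASS variable, and the serial number and IP address used with it are assumptions; the encrypted key is written in the PKCS#8 PEM form that openssl genpkey produces, and the CA decides whether the requested extension is copied into the issued certificate.

```shell
#!/bin/sh
# Added example: encrypted RSA key + CSR for one environment
# (run once for the development and once for the operating environment).
# The passphrase is read from the KEY_PASS environment variable so it does
# not appear on the command line or in the shell history.

# usage: make_csr <out_dir> <device_serial> <env_ip>
make_csr() (
    out=$1; serial=$2; ip=$3
    umask 077    # key and request files are readable by the owner only

    # RSA 3072 private key, stored AES-256 encrypted in PEM.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 \
        -aes-256-cbc -pass env:KEY_PASS -out "$out/server.key" || exit 1

    # Request configuration: CN = device serial, SAN = environment IP.
    cat > "$out/csr.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
CN = $serial
[ext]
subjectAltName = IP:$ip
EOF

    # The request is signed with SHA256, the minimum hash the page allows.
    openssl req -new -sha256 -config "$out/csr.cnf" \
        -key "$out/server.key" -passin env:KEY_PASS \
        -out "$out/server.csr" || exit 1
)

# usage: check_csr <out_dir> <env_ip>   (returns 0 only if every check passes)
check_csr() {
    txt=$(openssl req -in "$1/server.csr" -noout -text -verify 2>/dev/null) \
        || return 1
    echo "$txt" | grep -q 'Public-Key: (3072 bit)'  || return 1  # key length
    echo "$txt" | grep -q 'sha256WithRSAEncryption' || return 1  # signing hash
    echo "$txt" | grep -q "IP Address:$3$2"         || return 1  # requested SAN
    grep -q 'ENCRYPTED' "$1/server.key"             # key is stored as ciphertext
}
```

After the CA returns the certificate, `openssl x509 -in <certificate> -noout -text` shows whether the Subject Alternative Name and validity period match what was requested.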