# Certificate Management Overview

The **certManager** module provides system-level certificate management capabilities for managing and securely using certificates throughout their lifecycle (installation, storage, use, and destruction).

## Basic Concepts

- Certificate: a file that is signed by a Certificate Authority (CA) and contains the public key owner information and public key. X.509 is a common certificate format.
- Credential: private key corresponding to the public key in a certificate.
- Keystore file: a file that contains the certificate and credential. PKCS#12 (.p12) is a common keystore file format.
- Signature: ciphertext obtained by encrypting the message digest using the private key of an asymmetric key pair.
- Signature verification: a process that involves decrypting the signature using the signer's public key, generating a hash from the data received, and comparing the generated hash with the original hash. If the two hashes match, the signature is valid, which means the signed data has not been changed.

### Certificate Lifecycle Management

You can use the APIs provided by the **certManager** module to implement lifecycle management of service certificates and CA certificates. Certificate lifecycle management involves the following:

- Certificate installation: You can use **install()** to pass in a certificate.
- Certificate storage: The **certManager** module stores the installed certificate in a directory of the certificate manager service. The private key credential corresponding to the certificate is stored in the HUKS module.
- Certificate usage: You can obtain a certificate file and perform service-related operations, and use the APIs provided by the **certManager** module to implement signing and signature verification with the certificate and private key.
- Certificate destruction: You can use APIs to destroy one or more certificates or credentials stored in the directory of the certificate manager service.

## Constraints

Currently, only service certificates can be used, and only private key credentials that use the RSA or ECC algorithm can be installed and used.
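
The signing and signature verification described under Basic Concepts, shown for both credential types allowed by the constraint above. This is an added example that uses the Node.js built-in `crypto` module, not the **certManager** API or code from this project. The key pairs are generated in-process as stand-ins for an installed credential and its certificate, and the function names are hypothetical.

```javascript
// Added example: Node.js built-in crypto, not the certManager API.
const crypto = require("node:crypto");

// Constructed stand-in for an installed credential: the private key plays the
// role of the credential, the public key the one carried in the certificate.
function makeCredential(algorithm) {
  if (algorithm === "RSA") {
    return crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  }
  if (algorithm === "ECC") {
    return crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
  }
  // Models the constraint above: only RSA and ECC credentials are accepted.
  throw new Error(`unsupported credential algorithm: ${algorithm}`);
}

// Sign: hash the data with SHA-256 and sign the digest with the private key.
function signData(privateKey, data) {
  return crypto.sign("sha256", data, privateKey);
}

// Verify: hash the received data again and check the signature against that
// digest using the signer's public key. Returns true or false.
function verifyData(publicKey, data, signature) {
  return crypto.verify("sha256", data, publicKey, signature);
}

// Runs the three cases a verifier has to tell apart.
function demo(algorithm) {
  const signer = makeCredential(algorithm);
  const other = makeCredential(algorithm); // unrelated key pair
  const data = Buffer.from("constructed sample message");
  const tampered = Buffer.from("constructed sample messagE");
  const signature = signData(signer.privateKey, data);
  return {
    intact: verifyData(signer.publicKey, data, signature),
    tampered: verifyData(signer.publicKey, tampered, signature),
    wrongKey: verifyData(other.publicKey, data, signature),
  };
}

for (const algorithm of ["RSA", "ECC"]) {
  console.log(algorithm, demo(algorithm));
}
```

Only the unmodified data checked with the signer's own public key verifies. A one-character change to the data, or a public key from a different key pair, makes verification fail.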