Official certificates include various types and brands of certificates for different types of websites, such as personal websites, e-commerce websites, and websites of small- and large-sized enterprises. Official certificates also include wildcard certificates, multi-domain certificates, and hybrid certificates to meet different business requirements, such as protecting multiple subdomains or different domain names. This topic describes how to purchase, apply for, issue, and install an official certificate. In this example, an official certificate is deployed to Alibaba Cloud CDN.
Environment and resource preparations
A domain name is registered. In this example, example.com that is registered with Alibaba Cloud is used. The domain name is resolved by using Alibaba Cloud DNS, which is activated within the current Alibaba Cloud account.
NoteAlibaba Cloud provides a wide range of services for domain name registration. You can register a domain name on the Alibaba Cloud Domains service platform. For more information, see Register a generic domain name.
The registered domain name is added to Alibaba Cloud CDN in the Alibaba Cloud CDN console. For more information, see Add a domain name.
Step 1: Purchase a quota on SSL certificates
Log on to the Certificate Management Service console.
In the left-side navigation pane, choose .
On the Official Certificate tab, click Buy Now. On the buy page, configure the parameters and click Buy Now to complete the payment. The following table describes the parameters.
Parameter
Description
Certificate Type
Select Single Domain. You can bind a primary domain name, a subdomain, or a public IPv4 address to a certificate. Examples: example.com and 1.1.X.X.
Brand
Select Alibaba Cloud. Alibaba Cloud certificates are more cost-effective than other certificate brands.
Certificate Specifications
The default value is DV SSL. Domain validated (DV) certificates are suitable for personal websites used for app services, information display, enterprise testing, and personal testing.
Quantity
The value is 1 by default and cannot be changed. This parameter specifies a quota on SSL certificates.
Service Duration
Select 1 Year. In this case, one certificate whose validity period is one year is provided.
NoteFor more information, see Purchase SSL certificates.
Step 2: Create and apply for a certificate
Log on to the Certificate Management Service console.
In the left-side navigation pane, choose .
On the Official Certificate tab, click Create Certificate.
In the Create Certificate panel, configure the parameters and click OK. The following table describes the parameters.
After you complete the configuration, the certificate application is reviewed. You need to only wait for the certificate to be issued. In most cases, a DV certificate is issued within 1 minute to 15 minutes. The following figure shows an issued DV certificate.
Parameter
Description
Certificate Type
Select Single Domain.
Certificate Specifications
Select Alibaba DV Single Domain.
Domain Name
Enter the domain name of your website. Example: example.com.
Validity Period (Years)
The validity period of the certificate. Default value: 1.
Quick Issue
Select the check box. Then, configure the following parameters:
Domain Verification Method: In this example, example.com is resolved by using Alibaba Cloud DNS, which is activated within the current account. Therefore, the system automatically selects Automatic DNS Verification. After you complete the purchase, the system automatically verifies the ownership of the domain name. You need to only wait for the certificate to be issued.
NoteIf Alibaba Cloud DNS is not activated within the Alibaba Cloud account of the certificate applicant, you can use one of the following methods:
Manual DNS Verification: You must log on to the system of your DNS service provider. Then, you must add a TXT record for the domain name to the DNS list of the system. The TXT record must be the same as the DNS record that is provided in the Certificate Management Service console.
File Verification: You must create a specific file on the web application server of the domain name. Then, Alibaba Cloud verifies the ownership of the domain name.
For more information about the verification methods, see Step 3: Verify the ownership of a domain name.
Contact: Click Create Contact in the drop-down list to create a contact for the certificate application. You can also select an existing contact. Make sure that your contact information is accurate and valid.
Location: Select the city or region of the certificate applicant.
Encryption Algorithm: Select RSA. This parameter specifies the encryption algorithm used by the certificate.
Rivest-Shamir-Adleman (RSA) is an asymmetric algorithm that is widely used in the world and provides high compatibility.
CSR Generation: Select Automatic. In this case, Certificate Management Service uses the selected encryption algorithm to generate a Certificate Signing Request (CSR) file.
A CSR file is the request file that contains the server and company information of the certificate applicant. When you apply for a certificate, you must prepare a CSR file for the certificate authority (CA) to review.
NoteFor more information about how to create and apply for a certificate, see Apply for a certificate.
Step 3: Install the certificate
After the certificate is issued, you can install the certificate on your web server or deploy the certificate to an Alibaba Cloud service. In this example, the certificate is deployed to Alibaba Cloud CDN. For more information about how to deploy a certificate to another cloud service or to a web server, see Deploy SSL certificates.
Log on to the Certificate Management Service console.
In the left-side navigation pane, choose .
On the Official Certificate tab, find the issued certificate that you want to manage and click Deploy in the Actions column.
In the Select Resource step, click CDN and select the required resources. Then, click Preview and Submit.
The system automatically identifies and synchronizes the resources of all cloud services. If you cannot find the required resources, check whether all resources are synchronized in the Total Resources section. If resources are being synchronized, the Synchronize Cloud Resources button is displayed in gray, as shown in the following figure. Wait until the resources are synchronized. The time required for resource synchronization varies based on the number of resources within your cloud service.
In the Task Preview panel, confirm the information about the certificate and cloud service and click Submit.
The preview panel displays the number of certificates that match the cloud service and the amount of deployment quota to be consumed. If the number of certificates is 0, the certificate does not match the resources of the cloud service. In this case, the deployment task fails. Check the certificate that you selected.
Step 4: Check whether the certificate is installed
Method 1: Log on to the Alibaba Cloud CDN console. The following figure shows that the certificate is installed.
Method 2: Use the domain name bound to the certificate to access the related website.
https://yourdomain # Replace yourdomain with the domain name bound to your certificate. For example, if your domain name is example.com, the access URL is https://example.comIf the
icon appears in the address bar of your browser, the certificate is installed. Starting in Google Chrome 117, the
icon is changed to the 
icon. If the 
icon appears after you click the icon, the certificate is installed. 
References
For more information about how to troubleshoot the issue that the certificate does not take effect after installation, see After I install a certificate on a website, the certificate does not take effect or the website is reported as insecure when I access the website. What do I do?
For more information about how to manually deploy a certificate to a web application server, such as NGINX and Apache, see Manually install an SSL certificate on a web application server.