Promo Center

50% off for new user

Direct Mail-46% off

Learn More

Purchase an official certificate

Updated at: 2025-02-28 06:43

After you purchase an official SSL certificate, you can submit a certificate application to the certificate authority (CA). After the CA approves your application, the CA issues the certificate.

Procedure

  1. Go to the Certificate Management Service buy page.

  2. Configure the parameters and click Buy Now to complete the payment. The following table describes the parameters.

    After you complete the payment, you can choose Comprehensive Management > Order Refund Management in the left-side navigation pane in the Certificate Management Service console to view the order instance. You can use the tag feature to add a tag to an order instance. To add a tag, find the order instance and click the image icon.

    Parameter

    Description

    Parameter

    Description

    Certificate Type

    Select the type of the domain names that you want to bind to the certificate. Valid values:

    • Single Domain: You can bind a primary domain name, a subdomain, or a public IPv4 address to a certificate. Examples: aliyundoc.com and 1.1.X.X.

      Note
      • For example, if you bind a first-level domain name, such as aliyundoc.com, to a certificate, the certificate is also applied to www.aliyundoc.com free of charge. If you bind www.aliyundoc.com to a certificate, the certificate is also applied to aliyundoc.com free of charge. This rule does not apply to Alibaba Cloud certificates.

      • You can bind IP addresses only to GlobalSign single-domain organization validated (OV) certificates.

    • Wildcard Domain: If you have multiple servers that host subdomains at the same level, you need to only purchase and install one wildcard certificate.

      The following list describes the matching rules of a wildcard domain name:

      • Only subdomains at the same level can be matched. For example, if you bind *.aliyundoc.com to a certificate, subdomains such as demo.aliyundoc.com and learn.aliyundoc.com are matched. Subdomains such as guide.demo.aliyundoc.com and developer.demo.aliyundoc.com are not matched.

      • If the primary domain name of a wildcard domain name bound to a certificate is a first-level domain name, the certificate is also applied to the primary domain name free of charge. This rule does not apply to Alibaba Cloud certificates. For example, if you apply for a certificate and bind *.aliyundoc.com to the certificate, the certificate is also applied to aliyundoc.com free of charge. If you apply for a certificate and bind *.demo.aliyundoc.com to the certificate, the certificate is not applied to demo.aliyundoc.com or aliyundoc.com free of charge.

      • When you apply for a wildcard certificate, you can bind only one wildcard domain name to the certificate. If you want to bind multiple wildcard domain names to a certificate, you can combine multiple certificates of the same brand and type to generate a multi-domain wildcard certificate. For more information, see Combine certificates.

    • Multiple Domains: You can bind up to five single domain names to a certificate.

    Brand

    Select a certificate brand. When you select a certificate brand, consider the certificate type, signature algorithm type, key length, domain name type, price, and your business requirements. If you cannot select a certificate brand based on the preceding factors, visit the Certificate Management Service product page to obtain technical support. Valid values:

    • DigiCert: DigiCert (formerly known as Symantec) is a well-known and trusted SSL certificate brand in the industry. All DigiCert certificates use prominent encryption technologies to provide enhanced security solutions for different websites and servers.

    • Alibaba Cloud: Alibaba Cloud certificates are more cost-effective than other certificate brands.

    • GlobalSign: GlobalSign is an early certificate authority (CA) in the industry. GlobalSign is a trusted CA and SSL certificate provider committed to network security authentication and digital certificate services.

    Important

    If you apply for a DigiCert certificate, you cannot enter domain names that are suffixed with special words such as .edu, .gov, .org, .jp, .pay, .bank, .live, .nuclear, or .ru. This limit does not apply to GlobalSign certificates.

    For more information, see Select an SSL certificate.

    Certificate Specifications

    Select a certificate type. Alibaba Cloud supports domain validated (DV), OV, and extended validation (EV) certificates. Different types of certificates provide different levels of security and authentication strengths, support different certificate brands, and are suitable for different types of websites.

    The following list describes the usage scenarios of the three types of certificates. For more information about the differences among the certificate types, see Select a certificate based on authentication strength and security.

    • DV SSL: DV certificates, which are suitable for personal websites used for app services, information display, enterprise testing, and personal testing.

    • OV SSL: OV certificates, which are suitable for websites used by public service sectors, small- and medium-sized enterprises, and educational institutions. Certificates of the OV_PRO SSL type use enhanced encryption algorithms.

    • EV SSL: EV certificates, which are suitable for high-privacy websites that involve transactions, payments, and privacy data, including websites used by large-sized enterprises, financial institutions and e-commerce platforms. Certificates of the EV_PRO SSL type use enhanced encryption algorithms.

    Domain Names

    Select the number of domain names that you want to bind to a certificate. This parameter is required only if you set the Certificate Type parameter to Multiple Domains.

    Quantity

    Specify the number of certificates that you want to purchase. The value is 1 by default and cannot be changed.

    Service Duration

    Select the validity period of the certificate service. Valid values:

    • 1 Year: The certificate service is valid for one year. The service provides one certificate, which is valid for one year by default. After a certificate expires, you must place an order to purchase a new certificate.

    • 2 Years: The certificate service is valid for two years. The certificate service provides two certificates that are valid for one year and a hosting quota of 1.

      For more information, see Introduction to the certificate hosting feature.

    • 3 Years: The certificate service is valid for three years. The certificate service provides three certificates that are valid for one year and a hosting quota of 2.

What to do next

After you purchase an official certificate, you can submit a certificate application to the CA. After the application is approved, the CA issues the certificate. For more information about how to apply for a certificate, see Step 2: Apply for a certificate.

Refund policies

If you select the wrong certificate type or specify incorrect information when you purchase an official certificate, you can request a refund for the purchase order. The refund is returned to the original payment account. Refunds are not supported in specific scenarios, such as scenarios in which certificates are purchased more than seven days ago and the amount is offset by using vouchers or coupons. For more information, see Request a refund for an SSL certificate.

References

  • On this page (1)
  • Procedure
  • What to do next
  • Refund policies
  • References
Feedback
phone Contact Us

Chat now with Alibaba Cloud Customer Service to assist you in finding the right products and services to meet your needs.

alicare alicarealicarealicare