When you apply for a domain validated (DV), organization validated (OV), or extended validation (EV) certificate by using Certificate Management Service, you must specify the application information based on the certificate type and submit the application to the required CA for review. The information includes the domain name or IP address that you want to bind to the certificate, method for domain name ownership verification, contact, company, and business license of the company. This topic describes the information that you must specify when you apply for a certificate and the materials that you need to prepare.
Alibaba Cloud Certificate Management Service sends the application information that you submit to the certificate authority (CA) for review. The application information includes the domain name that you want to bind to the certificate and the contact information. For more information about how to apply for a certificate, see Apply for a certificate.
Required information for DV certificate application
When you apply for a DV certificate, you must configure the following parameters.
Parameter | Description |
Domains to Bind | Enter the domain name that you want to protect by using the certificate. You can move the pointer over the icon to view the number and type of supported domain names. You can also click View More to view the descriptions about how to configure this parameter. The number and type of supported domain names vary based on the specifications of your certificate. Important
|
Domain Verification Method | Select a method to verify the ownership of the domain name. If Alibaba Cloud DNS is activated within the Alibaba Cloud account of the certificate applicant, Automatic DNS Verification is automatically selected. No manual configuration is required. In this case, Alibaba Cloud automatically verifies the ownership of the domain name. If Alibaba Cloud DNS is not activated within the Alibaba Cloud account of the certificate applicant, you can use one of the following methods:
For more information about the verification methods, see Verify the ownership of a domain name. |
Contact | Select a contact to apply for the certificate. The contact information includes the email address and mobile phone number. Important After the CA receives your application, the CA sends a verification email to the email address or calls the mobile phone number to confirm the information in your certificate application. Therefore, you must make sure that the contact information is accurate and valid. If you have not created contacts, you can click Create Contact to create one. Certificate Management Service saves the created contact for you to use next time. For more information about how to create a contact, see Manage contacts. |
Location | Select the city or region where the applicant is located. |
Encryption Algorithm | Select the key algorithm for the certificate. This parameter also specifies the key algorithm that is used to automatically generate a CSR file. Valid values:
Important The ECC and SM2 algorithms are supported only by specific certificate brands and types. For more information, see Select a certificate based on the encryption algorithm. |
CSR Generation | A CSR file includes your request for a certificate. A CSR file contains the information about an SSL certificate that you want to apply for. The information includes the domain names that you want to bind to the certificate and the name and the geographical location of the certificate holder. When you submit a certificate application to a CA, you must provide a CSR. After the CA approves your certificate application, the CA uses the private key of the root CA to sign your CSR and generates a public key file. The public key file is the SSL certificate that the CA issues to you. The private key of the SSL certificate is generated when you create the CSR. Valid values:
|
CSR File | Configure this parameter only if you set CSR Generation to Manual or Select Existing CSR. Enter the content of your CSR file. |
Required information for OV certificate application
When you apply for an OV certificate, you must configure the following parameters.
Parameter | Description |
Domains to Bind | Enter the domain name that you want to protect by using the certificate. You can move the pointer over the icon to view the number and type of supported domain names. You can also click View More to view the descriptions about how to configure this parameter. The number and type of supported domain names vary based on the configuration of your certificate. Important
|
Contact | Select a contact to apply for the certificate. The contact information includes the email address and mobile phone number. Important After the CA receives your application, the CA sends a verification email to the email address or calls the mobile phone number to confirm the information in your certificate application. Therefore, you must make sure that the contact information is accurate and valid. If you have not created contacts, you can click Create Contact to create one. Certificate Management Service saves the created contact for you to use next time. For more information about how to create a contact, see Manage contacts. |
Company | Select a company profile to apply for the certificate. The company profile includes the company name, phone number, and address. If you have not created company profiles, you can click Create Company Profile to create one. Certificate Management Service saves the created contact for you to use next time. For more information about how to create a company profile, see Create a company profile. If you apply for an OV certificate for a domain name that is suffixed with .gov, make sure that the registrant contact information stored in the Whois database is consistent with the company name to specify. |
Business License | After you select a value for Company, the system automatically identifies the business license picture in the company profile. If you did not upload a business license picture when you create the company profile, the business license picture is empty. To facilitate the approval of your certificate application, we recommend that you upload the business license picture of your company. |
Encryption Algorithm | Select the key algorithm for the certificate. This parameter also specifies the key algorithm that is used to automatically generate a CSR file. Valid values:
Important The ECC and SM2 algorithms are supported only by specific certificate brands and types. For more information, see Select a certificate based on the encryption algorithm. |
CSR Generation | A CSR file includes your request for a certificate. A CSR file contains the information about an SSL certificate that you want to apply for. The information includes the domain names that you want to bind to the certificate and the name and the geographical location of the certificate holder. When you submit a certificate application to a CA, you must provide a CSR. After the CA approves your certificate application, the CA uses the private key of the root CA to sign your CSR and generates a public key file. The public key file is the SSL certificate that the CA issues to you. The private key of the SSL certificate is generated when you create the CSR. Valid values:
|
CSR File | Configure this parameter only if you set CSR Generation to Manual or Select Existing CSR. Enter the content of your CSR file. |
Required information for EV certificate application
When you apply for an EV certificate, you must configure the following parameters. The following table describes only the key parameters.
Parameter | Description |
Domains to Bind | Enter the domain name that you want to protect by using the certificate. You can move the pointer over the icon to view the number and type of supported domain names. You can also click View More to view the descriptions about how to configure this parameter. The number and type of supported domain names vary based on the configuration of your certificate. Important
|
Contact | Select a contact to apply for the certificate. The contact information includes the email address and mobile phone number. Important After the CA receives your application, the CA sends a verification email to the email address or calls the mobile phone number to confirm the information in your certificate application. Therefore, you must make sure that the contact information is accurate and valid. If you have not created contacts, you can click Create Contact to create one. Certificate Management Service saves the created contact for you to use next time. For more information about how to create a contact, see Manage contacts. |
Company | Select a company profile to apply for the certificate. The company profile includes the company name, phone number, and address. If you have not created company profiles, you can click Create Company Profile to create one. Certificate Management Service saves the created contact for you to use next time. For more information about how to create a company profile, see Create a company profile. If you apply for an OV certificate for a domain name that is suffixed with .gov, make sure that the registrant contact information stored in the Whois database is consistent with the company name to specify. |
Business License | After you select a value for Company, the system automatically identifies the business license picture in the company profile. If you did not upload a business license picture when you create the company profile, the business license picture is empty. To facilitate the approval of your certificate application, we recommend that you upload the business license picture of your company. |
Encryption Algorithm | Select the key algorithm for the certificate. This parameter also specifies the key algorithm that is used to automatically generate a CSR file. Valid values:
Important The ECC and SM2 algorithms are supported only by specific certificate brands and types. For more information, see Select a certificate based on the encryption algorithm. |
CSR Generation | A CSR file includes your request for a certificate. A CSR file contains the information about an SSL certificate that you want to apply for. The information includes the domain names that you want to bind to the certificate and the name and the geographical location of the certificate holder. When you submit a certificate application to a CA, you must provide a CSR. After the CA approves your certificate application, the CA uses the private key of the root CA to sign your CSR and generates a public key file. The public key file is the SSL certificate that the CA issues to you. The private key of the SSL certificate is generated when you create the CSR. Valid values:
|
CSR File | Configure this parameter only if you set CSR Generation to Manual or Select Existing CSR. Enter the content of your CSR file. |