This topic introduces the terms that are related to SSL certificates and the services that are provided to manage SSL certificates. SSL certificates refer to server certificates.
Alibaba Cloud SSL certificates are trusted credentials that are issued by well-known certificate authorities (CAs). The CAs are certified by WebTrust. You can use SSL certificates to verify the identity of your website and encrypt data in transmission.
SSL certificates adopt the public key cryptography. An SSL certificate uses a key pair and an algorithm such as Rivest-Shamir-Adleman (RSA), elliptic curve cryptography (ECC), or SM to encrypt and decrypt data. For more information, see Select a certificate based on the encryption algorithm and What is a public key and a private key?
HTTP cannot be used to encrypt data. During HTTP transmission, data leaks, data tampering, or phishing attacks may occur. After you install an SSL certificate on your web server, you can establish HTTPS-encrypted connections between your web server and website. This ensures the security of your website and data transmission.
Alibaba Cloud Certificate Management Service supports certificate purchase and issuance. Certificate Management Service also provides value-added services. The following table describes the value-added services.
Service | Description | References |
Quick deployment of certificates to Alibaba Cloud services | You can create a certificate deployment task in the Certificate Management Service console to deploy a certificate to an Alibaba Cloud service immediately or at a specific point in time. You can deploy a certificate to the following Alibaba Cloud services: Web Application Firewall (WAF), Application Load Balancer (ALB), and Network Load Balancer (NLB). | |
Quick deployment of certificates to Alibaba Cloud servers | You can create a certificate deployment task in the Certificate Management Service console to upload the related files of a certificate to the specified directory of a cloud server, or upload the files to replace the existing certificate-related files in the directory. This way, the certificate can be used by web applications that are hosted on the cloud server. This prevents errors and complex operations when the certificate is manually downloaded or uploaded. | |
Quick deployment of certificates to third-party cloud services | You can deploy a certificate to a third-party cloud service by using Certificate Management Service. This simplifies certificate migration and configuration. Specific cloud services of Amazon Web Services (AWS), Tencent Cloud, and Huawei Cloud are supported. | |
Management of third-party certificates free of charge | You can upload a certificate that is purchased from and issued by a third-party certificate service provider to the Certificate Management Service console for centralized management. | |
Hosting for certificates | A certificate that is issued by a CA is valid for up to 397 days. After the certificate expires, you must manually renew and update the certificate. To prevent your business from being affected when your certificate is not renewed, Certificate Management Service provides the certificate hosting feature. If the remaining validity period of a certificate that is issued and uploaded is less than 30 calendar days, the system automatically applies for a new certificate. | |
Signature generation and signature verification for certificates | You can use certificate application repository-related API operations to encrypt, decrypt, or sign sensitive data such as data in electronic contracts and electronic invoices, or verify signatures. This helps ensure the authenticity, integrity, and security of data files. | |
Custom notifications for certificates | You can use the notification feature to configure expiration notification policies for issued certificates. You can also configure notification policies for alerts that are triggered at core stages in the certificate lifecycle, such as certificate download and revocation. In addition, you can specify whether to receive the latest updates and announcements of Certificate Management Service, and the updates and changes to intermediate and root certificates. This helps provide support for your O&M operations. |