All Products
Search
Document Center

Certificate Management Service:Purchase SSL certificates

Last Updated:Dec 19, 2024

SSL certificates are used to encrypt the data that is transmitted between web servers and clients by using HTTPS. This prevents data from being tampered with or leaked. Alibaba Cloud provides various brands and types of certificates to meet the business requirements of different users. You can select a certificate based on your budget, domain name type, and website type.

Procedure

  1. Log on to the Certificate Management Service buy page.

  2. Configure the parameters and click Buy Now to complete the payment. The following table describes the parameters.

    After you complete the payment, you can choose Comprehensive Management > Order Refund Management in the left-side navigation pane in the Certificate Management Service console to view the order instance. You can use the tag feature to add a tag to an order instance. To add a tag, find the order instance and click the image icon.

    Parameter

    Description

    Certificate Type

    Select the type of the domain names that you want to bind to the certificate. Valid values:

    • Single Domain: You can bind a primary domain name, a subdomain, or a public IPv4 address to a certificate. Examples: aliyundoc.com and 1.1.X.X.

      Note
      • For example, if you bind a first-level domain name, such as aliyundoc.com, to a certificate, the certificate is also applied to www.aliyundoc.com, which is free of charge. If you bind www.aliyundoc.com to a certificate, the certificate is also applied to aliyundoc.com free of charge. This rule does not apply to Alibaba Cloud certificates.

      • You can bind IP addresses only to GlobalSign single-domain organization validated (OV) certificates.

    • Wildcard Domain: If you have multiple servers that host subdomains at the same level, you need to only purchase and install one wildcard certificate. You do not need to purchase and install a certificate for each subdomain.

      The following list describes the matching rules of a wildcard domain name:

      • Only subdomains at the same level can be matched. Subdomains at different levels cannot be matched. For example, if you bind *.aliyundoc.com to a certificate, subdomains such as demo.aliyundoc.com and learn.aliyundoc.com are matched. Subdomains such as guide.demo.aliyundoc.com and developer.demo.aliyundoc.com are not matched.

      • If the primary domain name of a wildcard domain name that is bound to a certificate is a first-level domain name, the certificate is also applied to the primary domain name, which is free of charge. This rule does not apply to Alibaba Cloud certificates. For example, if you apply for a certificate and bind *.aliyundoc.com to the certificate, the certificate is also applied to aliyundoc.com, which is free of charge. If you apply for a certificate and bind *.demo.aliyundoc.com to the certificate, the certificate is not applied to demo.aliyundoc.com or aliyundoc.com domain name free of charge.

      • When you apply for a wildcard certificate, you can bind only one wildcard domain name to the certificate. You cannot bind multiple wildcard domain names to the certificate. If you want to bind multiple wildcard domain names to a certificate, you can combine multiple certificates of the same brand and type to generate a multi-domain wildcard certificate. For more information, see Combine certificates.

    • Multiple Domains: You can bind up to five single domain names to a certificate.

    Brand

    Select a certificate brand. When you select a certificate brand, consider the certificate type, signature algorithm type, key length, domain name type, price, and your business requirements. If you cannot select a certificate brand based on the preceding factors, visit the Certificate Management Service product page to obtain technical support.

    • DigiCert: DigiCert (formerly known as Symantec) is a well-known and trusted SSL certificate brand in the industry. All DigiCert certificates use prominent encryption technologies to provide enhanced security solutions for different websites and servers.

    • Alibaba Cloud: Alibaba Cloud certificates are more cost-effective than other certificate brands.

    • GlobalSign: GlobalSign is an early certificate authority (CA) in the industry. GlobalSign is a trusted CA and SSL certificate provider committed to network security authentication and digital certificate services.

    For more information, see Select an SSL certificate.

    Certificate Specifications

    Select a certificate type. Alibaba Cloud supports the following types of certificates: domain validated (DV) certificates, OV certificates, and extended validation (EV) certificates. Different types of certificates provide different levels of security and authentication strengths, support different certificate brands, and are suitable for different types of websites.

    The following list describes the usage scenarios of the three types of certificates. For more information about the differences among the certificate types, see Select a certificate based on authentication strength and security.

    • DV SSL: DV certificates. DV certificates are suitable for personal websites used for app services, information display, enterprise testing, and personal testing.

    • OV SSL: OV certificates. OV certificates are suitable for websites used by public service sectors, small- and medium-sized enterprises, and educational institutions. Certificates of the OV_PRO SSL type use enhanced encryption algorithms.

    • EV SSL: EV certificates. EV certificates are suitable for high-privacy websites that involve transactions, payments, and privacy data, including websites used by large-sized enterprises, financial institutions and e-commerce platforms. Certificates of the EV_PRO SSL type use enhanced encryption algorithms.

    Important

    Only certificates of the OV SSL type support domain names that are suffixed with special words, such as edu, .gov, .org, .pay, .bank, .live, and .nuclear.

    Domain Names

    Select the number of domain names that you want to bind to a certificate. This parameter is required only if you set the Certificate Type parameter to Multiple Domains.

    Quantity

    Specify the number of certificates that you want to purchase. The value is 1 by default and cannot be changed.

    Service Duration

    Select the validity period of the certificate service. Valid values:

    • 1 Year: The certificate service is valid for one year. The service provides one certificate, which is valid for one year by default. After a certificate expires, you must place an order to purchase a new certificate.

    • 2 Years: The certificate service is valid for two years. The certificate service provides two certificates and a hosting quota of 1. Each certificate is valid for one year.

      For more information about the certificate hosting feature, see Introduction to the certificate hosting feature.

    • 3 Years: The certificate service is valid for three years. The certificate service provides three certificates and a hosting quota of 2. Each certificate is valid for one year.

What to do next

After you purchase a certificate, you can submit a certificate application to the CA. After the application is approved, the CA issues the certificate. For more information about how to apply for a certificate, see Apply for a certificate.

References