Prerequisites

The account for purchasing a certificate has the SCM Administrator and BSS Administrator permissions.

Step 1: Buy a Certificate

1. Log in to the management console.
2. Click in the upper left corner of the page and choose Security & Compliance > Cloud Certificate Management Service. The service console is displayed.
3. In the navigation pane on the left, choose SSL Certificate Manager. In the upper right corner of the page, click Buy Certificate.
4. On the Buy Certificate page, set parameters as required. Table 1 describes the parameters.

   Table 1 Parameters for purchasing a certificate

   Parameter	Description
   Certificate Type	Certificate type Select DV (Basic).
   Certificate Authority	Certificate authorities Select GeoTrust.
   Domain Type	Domain name type. You can select Single domain or Wildcard as needed. Single domain: You can associate only one domain with a certificate. The domain can be a second-level domain like domain.com or a third-level domain like example.domain.com. Any subdomains of the domain cannot be protected. For example, if you associate domain.com with a certificate, the certificate does not protect any subdomains, such as ssl.domain.com or ssl.ssl.domain.com. Wildcard: You can associate only one wildcard domain with a certificate. Only one wildcard character (*) can be contained in the wildcard domain, for example, *.domain.com or *.example.domain.com. *.*.domain.com is not supported. For details about the domain names supported by wildcard-domain certificates, see What Domains Can Wildcard-Domain Certificates Support?
   Domain Quantity	Quantity of selected domain quantity selected You do not need to set this parameter. It is fixed at 1.
   Period of validity	Certificate validity period Currently, the validity period of a certificate can be set to 1 year. A certificate takes effect upon issuance. The certificate issuance time refers to the time when the certificate is officially issued by the CA. You need to buy a new one after the certificate expires.
   Quantity	Set the number of certificates. You can set the quantity as required.

5. Click Next.

   If you have any questions about the pricing, click Pricing Details.

6. Confirm the order information and agree to the SCM disclaimer by selecting I have read and agree to the SSL Certificate Manager Disclaimer. Click Pay.
7. On the displayed page, select a payment method.

   After the payment is complete, go back to the certificate list to view the purchased certificate.

Step 2: Apply for the Certificate from the CA

After you purchase a certificate, you need to associate a domain name, provide additional details, and then submit the application for approval.

For details, see Applying for a Certificate.

In the Domain Name Information dialog box, select DNS for Domain Name Verification Method.

Step 3: Verify Domain Ownership by DNS

You are required to verify domain ownership on the platform hosting your domain name by resolving a specific DNS record.

After the certificate application succeeds, you need to complete the configuration of domain name verification based on the information displayed on the certificate list page. Otherwise, your certificate will remain in the Pending domain name verification state and will fail in the verification.

For more details, see How Do I Verify Domain Ownership by DNS?

Step 4: Issue the Certificate

After the domain name ownership is verified using DNS, it takes some time for the CA to approve your application.

The certificate will be issued after being approved by the CA. The certificate takes effect upon issuance. You can push the certificate to other HUAWEI CLOUD services or download the certificate and deploy it on a server.