How Do I Select an SSL Certificate?
This topic describes all you want to know about how to select an SSL certificate that meets your business needs.
For more details, see Differences Between Certificate Types
Which Certificate Type Is Suitable for Me?
When you purchase SSL certificates, you can select OV, OV Pro, EV, EV Pro, DV, or DV (Basic) for Certificate Type.
- EV certificates are recommended for finance and payment service businesses. For other enterprises, OV or higher-level certificates are recommended.
- For use on mobile devices or in interface invocation, OV or higher-level certificates are recommended.
- If you do not have a business license, you can apply for only basic DV certificates.
Which Certificate Authorities Are Available?
For details about CAs supported in SCM, see the following table.
| Certificate Authority | Description |
|---|---|
| DigiCert | DigiCert, formerly Symantec, is the world's largest CA. It provides services for more than 100,000 customers in over 150 countries and regions. Advantages: High security, stability, and compatibility. Suitable for digital transactions with high security requirements and widely used by financial institutions. |
| GeoTrust | GeoTrust, the world's second largest CA, is an industry-leading provider of identity and trust validation. It is committed to offering the best service at the lowest price possible to enterprises of all sizes. Advantages: Powered by DigiCert. High security, stability, and compatibility, cost-effective, and less know-how required for HTTPS protection |
| GlobalSign | Founded in 1996, GlobalSign is one of the world's earliest CAs. A trusted CA of SSL digital certificates, they have partnered with many companies around the word. Advantages: Fast issuance and verification Widely used by large e-commerce enterprises (including HUAWEI CLOUD), supported standard RSA+ECC algorithms, less resource required for installation |
Promotion activities (using domain name www.a.com and root domain name a.com as an example)
Which Domain Type Should I Select?
You need to confirm how many domains you want to protect. In SCM, options for Domain Type can be Single domain, Multiple domains, or Wildcard.
| Parameter | Description |
|---|---|
| Single domain | Only one common domain name can be associated. If you have only one domain name, select Single domain. |
| Multiple domains |
If you have multiple domain names, select Multiple domains. Purchase domain names of the required quantity on the purchase page. |
| Wildcard domain |
If all of your domain names are at the same level, select Wildcard. |
If you want to use one SSL certificate to protect more than one wildcard domain name and more than one common domain name, you can purchase a multi-domain OV or OV Pro certificate. For more details, see How Do I Apply for a Combination Certificate?.
To purchase a wildcard-domain certificate, you need to pay attention to the domain name matching rules. Table 3 are some examples.
| Domain name | Matched Domain Name | Unmatched Domain Name |
|---|---|---|
| *.huaweicloud.com | test.huaweicloud.com, yun.huaweicloud.com, example.huaweicloud.com, and other domain names | abc.test.huaweicloud.com, yun.test.huaweicloud.com, example.test.huaweicloud.com, and other domain names |
| *.test.huaweicloud.com | abc.test.huaweicloud.com, yun.test.huaweicloud.com, example.test.huaweicloud.com, and other domain names | abc.huaweicloud.com, yun.huaweicloud.com, example.huaweicloud.com, and other domain names |
- For wildcard-domain certificates, only those associated with root domain names support the domain names. For example:
- A certificate associated with the wildcard domain *.huaweicloud.com (a root domain) protects huaweicloud.com and other domain names of the same level. No additional certificate needs to be purchased for this.
- A certificate associated with the wildcard domain *.p1.huaweicloud.com (not a root domain) will not protect p1.huaweicloud.com (a different level domain). It can only protect domain names of the same level. To protect p1.huaweicloud.com, you would need to purchase a new certificate.
- If the www subdomain is associated with a certificate, the certificate also protects the root domain. For example:
A certificate purchased for domain www.huaweicloud.com can also protect huaweicloud.com. There is no need to purchase another certificate.
- Once your digital certificate is issued, the associated domain cannot be changed.
Table 4 provides domain type selection examples.
| Example Scenario | Example Domain Name | Domain Type Selection | Quantity Selected |
|---|---|---|---|
| You have only one domain. | huaweicloud.com | Single domain | Single-domain type. The value of Quantity is fixed at 1. |
| test.huaweicloud.com | Single domain | ||
| p1.test.huaweicloud.com | Single domain | ||
| You have multiple domains. | Two domains huaweicloud.com and p1.huawei.com | Multiple domains | 2 |
| Three domains huaweicloud.com, p1.huawei.com, and p1.test.huaweicloud.cn | Multiple domains | 3 | |
| Four domains huaweicloud.com, test.huaweicloud.cn, p1.test.huaweicloud.cn, and p1.test.yun.huaweicloud.com | Multiple domains | 4 | |
| You have multiple domains at the same level. | test.huaweicloud.com, yun.huaweicloud.com, example.huaweicloud.com, and other domain names are the same level and are part of *.huaweicloud.com. | Wildcard domain | Wildcard domain type. The value of Quantity is fixed at 1. |
Did this article solve your problem?
Thank you for your score!Your feedback would help us improve the website.