Step 1: Purchasing a Certificate

This section describes how to purchase an SSL certificate (a certificate with which domain names or public IP addresses are associated).

Prerequisites

The account for purchasing a certificate has the SCM Administrator, BSS Administrator, and DNS Administrator permissions.

Constraints

  • Currently, CFCA certificates cannot be purchased on the SCM console. If you need to use a CFCA certificate, click Service Tickets > Create Service Ticket in the upper right corner of the management console and submit a service ticket to apply for the certificate.
  • For OV, OV Pro, EV, or EV Pro SSL certificates, organization verification is required. If the verification cannot be completed due to certain reasons, such certificates will fail to issue. For example, special organizations, such as military units, special government agencies, and state secrecy units, cannot use those types of certificates because their unified social organization code cannot be queried on the official website.
  • Currently, SSL certificates can be bound only to English domain names.
  • The seven-day unconditional refund policy applies to SSL certificates. If you use a cash coupon to purchase a certificate, the amount deducted using the cash coupon cannot be refunded. To unsubscribe from the certificate within seven days after purchasing it, click Service Tickets > Create Service Ticket in the upper right corner of the management console.

    No refunds are allowed 7 days after the purchase.

  • SCM supports only SSL certificates with a validity period of one year. The validity period of a certificate starts from the date when the certificate is issued. After the certificate expires, you need to purchase a new certificate and complete the certificate application process.

Application Scenarios

Procedure

  1. Log in to the management console.
  2. Go to the SCM purchase page.

    Figure 1 Navigation path for entering the SSL Certificate Manager purchase page

  3. Specify values for Certificate Type, Certificate Authority, Domain Type, Domain Quantity, and Validity Period.

    Figure 2 Specifying details
    1. Select a certificate type.

      The following certificate types are available:

      • Organization Validation (OV) SSL certificates

        OV certificates are recommended for small- and medium-sized companies and e-commerce businesses. The CA usually takes three to five working days to review the request.

      • OV Pro SSL certificates

        OV Pro certificates are recommended for small- and medium-sized enterprises that have high requirements on data security. The CA usually takes three to five working days to review the request.

      • EV: Extended Validation (EV) SSL certificate

        EV certificates are recommended for large enterprises with higher security requirements. The CA manually reviews the information. If the information is correct, the approval period takes seven to ten working days.

      • EV Pro SSL certificates

        EV Pro certificates are recommended for institutions and organizations in the finance industry, such as insurance companies and banks, which have higher security requirements than other industries. The CA usually takes seven to ten working days to review the request.

      • DV SSL certificates

        DV certificates are recommended for personal websites and enterprise tests. The CA system automatically verifies the domain owner through DNS verification. Generally, a testing DV certificate can be issued within several hours.

      • DV (Basic): Basic Domain Validation (DV) SSL certificate

        Basic DV certificates include GeoTrust entry-level SSL certificates and DigiCert free SSL certificates.

        They are suitable for non-commercial scenarios, such as individual and enterprise testing purposes. The CA's certificate issuing system automatically checks authorization configuration. Generally, the system can issue the certificate within several hours.

    2. Select a certificate authority.

      GeoTrust, DigiCert, and GlobalSign are available CAs in SCM.

    3. Select a domain type.

      Currently, you can select Single domain, Multiple domains, or Wildcard. For parameters, see Table 1.

      Table 1 Domain types (Domain Type and Description)

      • Single domain

        Only a single domain can be associated with a certificate.

        The domain can be a second-level domain like domain.com or a third-level domain like example.domain.com. Any subdomains of the domain cannot be protected. For example, if you associate domain.com with a certificate, the certificate does not protect any subdomains, such as ssl.domain.com or ssl.ssl.domain.com.

      • Multiple domains

        You can add multiple domains, including single domains, to one certificate. For example, if you purchase a multi-domain certificate, you can use the certificate to protect domains example.com, example.cn, and test.com.

        NOTE: If the Certificate Type is set to OV or OV Pro, multiple single domains and multiple wildcard (*) domains can be added to one certificate. For example, if you purchase a multi-domain certificate, you can use the certificate to protect domains *.example.com, example.cn, and test.com.

        A maximum of 100 domains can be associated.

      • Wildcard domain

        Only one wildcard domain can be associated with a certificate.

        Only one wildcard character (*) can be contained in a wildcard domain, for example, *.domain.com or *.example.domain.com. Domains like *.*.domain.com are not supported.

      For details about how to select a domain type, see How Do I Select an SSL Certificate?

    4. Set the domain quantity.
      • If the Domain Type value is Single domain or Wildcard, you can only associate one domain name with a certificate.
      • If the Domain Type value is Multiple domains, you can associate 2 to 100 domain names with a certificate. Set the quantity of domains based on your needs.

        The following conditions must be met:

        • The number of primary domains is fixed at 1.
        • The number of additional single domains must be greater than or equal to 1.

        If you are purchasing a multi-domain OV or OV Pro certificate, the number of domains must meet the following conditions:

        • The primary domain name quantity is fixed at 1, and a primary domain name must be a single domain name.
        • The number of additional single domains and additional wildcard domains must be greater than or equal to 1.

        Example: To associate *.example.com, example.cn, and test.com with a single SSL certificate, specify Domain Quantity as shown in Figure 3.

        One primary domain, one additional single domain name, and one additional wildcard domain
        Figure 3 Domain Quantity
    5. Set Validity Period. The default value is 1 year.

      A certificate takes effect upon issuance. The certificate issuance time refers to the time when the certificate is officially issued by the CA.

      After your old certificate expires, purchase a new certificate and complete the certificate application process.

    6. Set the Quantity.

      You can purchase multiple certificates as needed.

  4. Click Next.

    If you have any questions about the pricing, click Pricing Details.

  5. Confirm the order information and agree to the SCM disclaimer by selecting I have read and agree to the SSL Certificate Manager Disclaimer. Click Pay.
  6. On the displayed page, select a payment method.

    After the payment is complete, go back to the certificate list to view the purchased certificate.
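The domain type and domain quantity rules from step 3 can be checked before ordering. The following is an added example, not SCM code or an SCM API: the function names and the cert_type strings are hypothetical, and rejecting wildcard entries on non-OV multi-domain certificates is this example's reading of the NOTE in Table 1.

```python
import re

MAX_DOMAINS = 100  # Table 1: "A maximum of 100 domains can be associated."
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")

def classify(name):
    """Return 'single' or 'wildcard' for a normalized name, or raise ValueError."""
    if not name.isascii():
        raise ValueError(f"{name}: only English domain names can be bound")
    labels = name.split(".")
    kind = "single"
    if labels[0] == "*":              # one leading "*" label marks a wildcard domain
        kind, labels = "wildcard", labels[1:]
    # Any remaining "*" (e.g. *.*.domain.com) fails the label pattern below.
    if len(labels) < 2 or not all(LABEL.match(l) for l in labels):
        raise ValueError(f"{name}: not a supported domain name")
    return kind

def plan_purchase(names, cert_type="OV"):
    """Map the names to protect onto Domain Type and Domain Quantity values."""
    names = list(dict.fromkeys(n.strip().lower().rstrip(".") for n in names))
    kinds = {n: classify(n) for n in names}
    singles = [n for n in names if kinds[n] == "single"]
    wildcards = [n for n in names if kinds[n] == "wildcard"]
    if len(names) == 1:               # Single domain / Wildcard: exactly one name
        return {"domain_type": "Wildcard" if wildcards else "Single domain",
                "primary": 1, "additional_single": 0, "additional_wildcard": 0}
    if len(names) > MAX_DOMAINS:
        raise ValueError("a certificate can carry at most 100 domains")
    if wildcards and cert_type not in ("OV", "OV Pro"):
        raise ValueError("multi-domain wildcard entries need OV or OV Pro")
    if not singles:
        raise ValueError("the primary domain must be a single domain name")
    return {"domain_type": "Multiple domains", "primary": 1,
            "additional_single": len(singles) - 1,   # one single is the primary
            "additional_wildcard": len(wildcards)}

if __name__ == "__main__":
    # The page's own example for Figure 3.
    print(plan_purchase(["*.example.com", "example.cn", "test.com"], "OV"))
```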

Follow-up Procedure

After purchasing an SSL certificate, you need to apply for the certificate on the SCM console to request approval from the CA. After being approved by the CA, the certificate will be issued.

For details about how to apply for the certificate, see Apply for the Certificate.

The certificate takes effect immediately upon issuance. Then you can directly push the certificate to other HUAWEI CLOUD services or download and install the certificate.