How Can I Apply for a Free SSL Certificate?
In HUAWEI CLOUDSCM, you can get free single-domain basic DV certificates issued by DigiCert. The validity period of such free certificates is one year.
Prerequisites
The account for purchasing a certificate has the SCM Administrator, BSS Administrator, and DNS Administrator permissions.
Constraints
- You can apply for a maximum of 20 free SSL certificates under each account. In SCM, only one free certificate can be applied for at a time.
- Deleted certificates, revoked certificates, certificates that failed to be purchased due to overdue bills, and purchased certificates that are deleted without being applied for from CA are all counted towards the free certificate quota.
- Your account and the IAM users created under your account share the quota of the 20 free certificates. For example, if an account has applied for 20 free certificates, no free certificate can be applied for by the account and the IAM users created using this account.
- One free SSL certificate can be used for only one single domain name.
- Free certificates cannot be used to protect IP addresses or wildcard domain names.
- By default, DNS verification is used to verify the domain ownership of a free certificate.
- The trust and security level of free certificates are low. They are recommended only for testing.
- For DigiCert DV (Basic) free certificates, no free technical support or installation guide is provided. To get technical support, you can purchase the HTTPS service in Marketplace on HUAWEI CLOUD website.
Step 1: Buy a Certificate
- Log in to the management console.
- Click
in the upper left corner of the page and choose . The service console is displayed. - In the navigation pane on the left, choose SSL Certificate Manager. The SSL Certificate Manager page is displayed.
- In the upper right corner of the page, click Buy Certificate to go to the certificate purchase page.
- On the certificate purchase page, set parameters.
- Certificate Type: Select DV (Basic).
- Certificate Authority: Select DigiCert.
- After you select a certificate type and CA, other parameters, such as Domain Type, Domain Quantity, Validity Period, and Quantity, are configured automatically.
Figure 1 Free certificate configuration
- Click Next.
- Confirm the order information and agree to the SCM disclaimer by selecting I have read and agree to the SSL Certificate Manager Disclaimer. Click Pay.
- On the displayed page, select a payment method.
After the payment is complete, go back to the certificate list to view the purchased certificate.
Step 2: Apply for the Certificate from the CA
After you purchase a certificate, you need to associate a domain name, provide additional details, and then submit the application for approval.
- Log in to the management console.
- Click in the upper left corner of the page and choose . The service console is displayed.
- In the navigation pane on the left, choose SSL Certificate Manager. The SSL Certificate Manager page is displayed.
- In the certificate list, locate the row that contains the free certificate, and click Apply for Certificate in the Operation column.
- On the displayed page, enter the domain name and contact information.
- Enter the domain name information. Table 1 describes the parameters. Figure 2 Domain name configuration
Table 1 Domain name parameters Parameter
Description
Example Value
CSR
To obtain an SSL certificate, a Certificate Signing Request (CSR) file needs to be submitted to the CA for review. A CSR contains a public key and a distinguished name (DN). Typically, a CSR is generated by a web server. A pair of public and private keys are created along with the CSR.
Options:- System generated CSR: The system automatically generates a certificate private key. Once the certificate is issued, you can download your certificate and private key on the certificate management page.
- Upload a CSR: You need to manually generate a CSR file and paste the content of the CSR file generated into the text box. For more details, see How Do I Make a CSR File?
System generated CSR
Domain Name
The domain name for which the certificate is used
Example: If your domain is www.domain.com, enter www.domain.com for Domain Name.
If you need to bind a Chinese domain name, use encoding tool Punycode to encode the Chinese domain name and then enter the encoded data. For example, if the encoded data is xn--siq1ht8k.com, set this parameter to xn--siq1ht8k.com.
www.domain.com
- Click Next. The Provide Organization/Authorization Details page is displayed.
- Enter the company contact information. Table 2 describes the parameters. Figure 3 Configuring authorization information
Table 2 Parameter description Parameter
Description
Example Value
Company Contact/Authorizing Person Information
You only need to enter the name, phone number, and email address of the contact.
To get your certificate issued quickly, the phone number and email address entered must be valid.
None
(Optional) Technical Contact Information
The parameter is optional. You can skip it.
None
- Enter the domain name information. Table 1 describes the parameters.
- After confirming that the entered information is correct, read through the SSL Certificate Manager Disclaimer, Privacy Statement, and the authorization statement, and check the box to agree to the disclaimer and statements
- Click Submit.
The system will submit your application to the CA. During the approval process, make sure that you can be reached by phone and that you regularly check for emails from the CA.
Step 3: Verify Domain Ownership by DNS
Domain name ownership verification by DNS is to verify domain ownership by resolving a specific DNS record on the platform hosting the domain name. To this end, you need to add a TXT DNS record for your domain name on the platform. For example, if you purchase a domain name from company A, you need to add a TXT DNS record for your domain name on the domain name management platform of company A. For details about how to verify domain name ownership by DNS, see Verifying Domain Ownership by Resolving the DNS TXT Record.
- If you apply for a domain name on HUAWEI CLOUD and the domain name has been resolved by HUAWEI CLOUD DNS, the system automatically adds DNS records for verification.
- If your domain name is hosted on other platforms, such as www.net.cn, www.xinnet.com, and www.dnspod.cn, you need to go to the DNS service provider of the domain name to perform the verification.
For more details, see DNS Verification.
After the certificate application succeeds, you need to complete the configuration of domain name verification based on the information displayed on the certificate list page. Otherwise, your certificate will remain in the Pending domain name verification state and will fail in the verification.
Step 4: Issue the Certificate
After the domain name ownership is verified using DNS, it takes some time for the CA to approve your application. The certificate will be issued after being approved by the CA.
The certificate takes effect immediately upon issuance. You can push the certificate to other cloud products on HUAWEI CLOUD or download the certificate and deploy it on a server.
- 0 to 1 hour after the application is submitted: The CA checks the verification status every 15 minutes. Generally, if the configuration is correct, the certificate is issued within 10 to 20 minutes.
- 1 to 4 hours after the application is submitted: The CA checks the verification every 30 minutes.
- 4 to 24 hours after the application is submitted: The CA checks the verification every hour.
- 1 to 7 days after the application is submitted: The CA checks the verification every 4 hours.
- If you did not complete the required verification over 7 days after the application is submitted, the order times out and is automatically canceled. In this case, locate the causes and solve the problem by referring to Why Does the Certificate Stay in the CA Verifying Status for a Long Time?
Did this article solve your problem?
Thank you for your score!Your feedback would help us improve the website.