Updated on 2024-06-18 GMT+08:00

How Can I Apply for a Free SSL Certificate?

In SCM, you can get free single-domain basic DV certificates issued by DigiCert. The validity period of such free certificates is one year.

Constraints

  • You can apply for a maximum of 20 free SSL certificates under each account. In SCM, only one free certificate can be applied for at a time.
    • Deleted certificates and revoked certificates are all counted towards the free certificate quota.
    • Your account and the IAM users created under your account share the quota of the 20 free certificates. For example, if an account has applied for 20 free certificates, no free certificate can be applied for by the account and the IAM users created using this account.
    • If your account has used up the quota of 20 free SSL certificates but you still want to apply for more free SSL certificates, purchase the DigiCert DV (basic) single-domain certificate package to increase your free certificate quota. For details, see What Can I Do If My Free Certificate Quota Is Used Up?
  • One free SSL certificate can be used for only one single domain name.
  • Free certificates cannot be used to protect IP addresses or wildcard domain names.
  • By default, DNS verification is used to verify the domain ownership of a free certificate.
  • The trust and security level of free certificates are low. They are recommended only for testing.
  • For DigiCert DV (Basic) free certificates, no free technical support or installation guide is provided.
  • A free certificate is valid for one year and cannot be renewed. After a free certificate expires, it cannot be used anymore. If you still need an SSL certificate, create one in CCM.

Step 1: Creating a Free Certificate (Method 1)

  1. Log in to the management console.
  2. In the upper left corner of the certificate list, click Create Test Certificate.

    The numbers displayed next to the Create Test Certificate button indicate the remaining quota and total quota of test certificates you can create. For example, if 13/20 is displayed, you can create 13 more test certificates and can create up to 20 test certificates.

  3. Read and select I have read and agree to the Cloud Certificate Manager Statement. Then, click OK.
  4. You can view the created free test certificate in the SSL certificate list.

    If the test certificate is not displayed in the certificate list, refresh the page.

Step 1: Creating a Free Certificate (Method 2)

  1. Log in to the management console.
  2. In the upper right corner of the page, click Buy Certificate to go to the certificate purchase page.
  3. On the certificate purchase page, set parameters.
    • Domain Type: Select Single domain.
    • Certificate Type: Select DV (Basic).
    • Certificate Authority: Select DigiCert.
    • After you select a certificate type and CA, other parameters, such as Domain Quantity, Validity Period, and Quantity, are configured automatically.
    Figure 1 Free certificate configuration
  4. Click Next.
  5. Confirm the order information and agree to the CCM statement by selecting I have read and agree to the Cloud Certificate Manager Statement. Click Pay.
  6. On the displayed page, select a payment method.

    After the payment is complete, go back to the certificate list to view the purchased certificate.

Step 2: Submit a Certificate Application to the CA

After you create a test certificate, associate a domain name with the certificate, provide additional details, and then submit the application for approval.

  1. Log in to the management console.
  2. In the certificate list, locate the row that contains the free certificate, and click Apply for Certificate in the Operation column.
  3. On the displayed page, enter the domain name and contact information.
    1. Enter the domain name information.
      Table 1 Domain name parameters

      Parameter

      Description

      Example Value

      CSR

      To obtain an SSL certificate, a Certificate Signing Request (CSR) file needs to be submitted to the CA for review. A CSR contains a public key and a distinguished name (DN). Typically, a CSR is generated by a web server. A pair of public and private keys are created along with the CSR.

      Options:
      • System generated CSR: The system automatically generates a certificate private key. Once the certificate is issued, you can download your certificate and private key on the certificate management page.
      • Upload a CSR: You need to manually generate a CSR file and paste the content of the CSR file generated into the text box.

      System generated CSR

      Domain Name

      The domain name for which the certificate is used

      Example: If your domain is www.domain.com, enter www.domain.com for Domain Name.

      www.domain.com

    2. Click Next. The Provide Organization/Authorization Details page is displayed.
    3. Enter the company contact information. Table 2 describes the parameters.
      Figure 2 Configuring authorization information
      Table 2 Parameter description

      Parameter

      Description

      Example Value

      Company Contact/Authorizing Person Information

      You only need to enter the name, phone number, and email address of the contact.

      To get your certificate issued quickly, the phone number and email address entered must be valid.

      None

      (Optional) Technical Contact Information

      The parameter is optional. You can skip it.

      None

  4. Click Submit.

    The system will submit your application to the CA. During the approval process, make sure that you can be reached by phone and that you regularly check for emails from the CA.

Step 3: Verify Domain Ownership by DNS

Domain name ownership verification by DNS is to verify domain ownership by resolving a specific DNS record on the platform hosting the domain name. To this end, you need to add a DNS record for your domain name on the platform. For example, if you purchase a domain name from company A, you need to add a TXT DNS record for your domain name on the domain name management platform of company A.

  • If you apply for a domain name on and the domain name has been resolved by DNS, the system automatically adds DNS records for verification.
  • If your domain name is hosted on other platforms, such as www.net.cn, www.xinnet.com, and www.dnspod.cn, you need to go to the DNS service provider of the domain name to perform the verification.
  • After you submit the certificate application to a CA, complete the configuration of domain name verification based on the information displayed on the certificate list page, or your certificate will remain in the Pending domain name verification state and will fail the verification.
  • After you complete the DNS verification on your side, it still takes a while for the CA to review your DNS verification results.

Step 4: Issue the Certificate

After the domain name ownership is verified using DNS, it takes some time for the CA to approve your application. The CA will issue the certificate only after they validate your information.

The certificate takes effect immediately upon issuance. You can deploy the certificate to other cloud products or download the certificate and deploy it on a server.

After you submit an application, the CA checks the domain ownership or organization verification status at the following frequency:
  • 0 to 1 hour after the application is submitted: The CA checks the verification status every 15 minutes. Generally, if the configuration is correct, the certificate is issued within 10 to 20 minutes.
  • 1 to 4 hours after the application is submitted: The CA checks the verification every 30 minutes.
  • 4 to 24 hours after the application is submitted: The CA checks the verification every hour.
  • 1 to 7 days after the application is submitted: The CA checks the verification every 4 hours.
  • If you did not complete the required verification over 7 days after the application is submitted, the order times out and is automatically canceled.