Updated on 2023-12-20 GMT+08:00

Submitting an SSL Certificate Application to the CA

After you purchase a certificate, you still need to associate a domain name with it, provide certain details, and then submit it to the corresponding CA for approval. The CA will not issue the certificate until all the submitted details have been reviewed.

This topic describes how to apply for a certificate.

Prerequisites

You have an SSL certificate in the Pending application status.

Constraints

A Chinese domain name can only be associated with a certificate when it is encoded with Punycode.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > Cloud Certificate Management Service. The service console is displayed.
  3. In the navigation pane on the left, choose SSL Certificate Manager. In the row containing the desired certificate, click Apply for Certificate in the Operation column.
  4. On the displayed page, enter the domain name, organization, and applicant information.

    Figure 1 Domain name and other information
    1. CSR

      A certificate signing request (CSR) contains information about your server and company. When applying for a certificate, you need to submit a CSR file of your certificate to the CA for review.

      CSR file generation method:

      • System generated CSR (recommended): The system automatically generates a certificate private key. Once the certificate is issued, you can download your certificate and private key on the certificate management page.
      • Upload a CSR: You need to manually generate a CSR file and paste the content of the CSR file generated into the text box. For more details, see

      For details about the differences between the two types of certificate request files, see

    2. Domain Name
      • If you select Upload a CSR for CSR, the domain name is auto-filled.
      • If you select System generated CSR for CSR, manually enter the domain name.
        Table 1 Associating a certificate with a domain name

        Type

        Description

        Single domain

        Enter one domain name to be associated.

        For example, if the domain name is example.com, configure the parameters as shown in the following figure.

        Multiple domains

        The primary domain name and additional domain name must be configured.

        For example, if the domain names are example.com, a.example.com, and b.example.com, configure the parameters as shown in the following figure.

        NOTE:
        • The number of additional domain names must be greater than or equal to 1. You can add one or more additional domain names at a time.
        • One additional domain name per line.
        • If you purchase a multi-domain certificate (single domain name + wildcard domain name), the primary domain name can be a single domain name.
        • A primary domain and additional domains can be equally protected.

        Wildcard domain

        Enter the wildcard domain name to be bound.

        For example, if the domain name to be bound is *.example.com, set the parameters as shown in the following figure.

        To associate a Chinese domain name with a certificate, use encoding tool Punycode to encode the Chinese domain name and then enter the encoded data.

    3. Root Certificate Hash Algorithm

      If you purchase a DigiCert OV certificate, keep the default settings and do not select SHA-256 unless you have to.

      If SHA-256 is used for a root certificate, there might be some compatibility issues on browsers of earlier versions.

    4. Company Information
      Enter your organization information as prompted.
      • This parameter is mandatory only for OV and EV certificates.
      • Enter the full name of the company you registered on your business license.
    5. Applicant Details
      • The CA will contact you through the applicant email address and phone number you provide to verify information.
      • Personal information used as contact details is not included in the issued certificate.
    6. Technical Contact Information

      This parameter is optional. If you set this parameter, ensure that the name, phone number, and email address of the technical support person are correct.

  5. Click Submit.

    The system will submit your application to the CA. During the approval process, make sure that you can be reached by phone and that you regularly check for emails from the CA.

Follow-up Procedure

  • The CA will handle your application within 2 to 3 working days and send a verification email to you.

    Perform domain name verification as required. For more details, see Verifying Domain Name Ownership.

  • If you have submitted a certificate application but then discover there are incorrect details included, you can withdraw the application, modify information, and apply for a new certificate. For details, see Withdrawing an Application.