Updated on 2023-12-20 GMT+08:00

About SCM and SSL Certificate Usage

There are multiple SSL certificate types available from well-known CAs. For details, see Differences Between Certificate Types. This section describes how to purchase and select SSL certificates.

With an SSL certificate deployed on your web server, the server uses HTTPS to establish encrypted links to the client, ensuring data transmission security.

For details, see Figure 1 and Table 1.
Figure 1 Certificate usage process
Table 1 Certificate usage process

Step

Operation

Description

1

Purchasing an SSL Certificate

On the SCM platform, purchase an SSL certificate for your domain name.

For more details, see Differences Between SSL Certificate Types and How Do I Select an SSL Certificate?

2

Submitting an SSL Certificate Application to the CA

After you purchase a certificate, associate it with a domain name, provide additional details, and then submit the application to the CA for validation.

3

Verifying the Domain Name Ownership

You need to work with the CA to complete the domain name ownership verification.

SCM provides the following domain name ownership verification methods:

  • Automatic DNS verification can be used for certificates that meet stated conditions.
  • Manual DNS verification: suitable for all types of certificates.
  • Email verification: suitable for OV and EV certificates only.
  • File Verification: This method is optional only for OV and EV certificates.

4

Verifying the Organization (for OV and EV Certificates)

This operation is required only when you apply for an OV, OV Pro, EV, or EV Pro certificate.

After the domain name ownership is verified, the CA will initiate organization verification.

5

Issuing an SSL Certificate

When the verification is complete, it takes some time for the CA to approve your verification. For details about the application time, see How Long Does It Take for a CA to Approve an SSL Certificate?

The CA will issue the certificate only after they validate your information. An SSL certificate is valid for one year from the time it is issued.

6

Installing an SSL Certificate

You can download the certificate and install it on a server.

  • An SSL certificate cannot enable HTTPS-encrypted communication until it is installed on the web server housing the service.

7

Renewing an SSL Certificate

Since September 1, 2020, global CAs issues only one-year SSL certificates. When a certificate expires, it will no longer be trusted by the browser. You are advised to manually renew the certificate 30 days before it expires to prevent your services from being affected.

Renewing an SSL certificate is to apply for a new certificate with the exactly same configurations as the original one. The configurations include the certificate authority, certificate type, domain type, domain quantity, and primary domain name. After you renew a certificate, install the new certificate on your web server to replace the old certificate that is about to expire.

8

Revoking an SSL Certificate

If you no longer need an issued SSL certificate for security reasons or other reasons, for example, the certificate key is lost, you can revoke the certificate on the SCM console.

You can revoke a certificate that has been issued by a CA. A revoked certificate is no longer trusted and can no longer be used for certificate-based encryption.