About SCM and SSL Certificate Usage

There are multiple SSL certificate types available from well-known CAs. For details, see Differences Between Certificate Types. This section describes how to purchase and select SSL certificates.

With an SSL certificate deployed on your web server, the server uses HTTPS to establish encrypted links to the client, ensuring data transmission security.

For details, see Figure 1 and Table 1.

Figure 1 Certificate usage process

**Table 1** Certificate usage process
Step	Operation	Description
1	Purchasing an SSL Certificate	On the SCM platform, purchase an SSL certificate for your domain name. For more details, see Differences Between SSL Certificate Types and How Do I Select an SSL Certificate?
2	Submitting an SSL Certificate Application to the CA	After you purchase a certificate, associate it with a domain name, provide additional details, and then submit the application to the CA for validation.
3	Verifying the Domain Name Ownership	You need to work with the CA to complete the domain name ownership verification. SCM provides the following domain name ownership verification methods: Automatic DNS verification can be used for certificates that meet stated conditions. Manual DNS verification: suitable for all types of certificates. Email verification: suitable for OV and EV certificates only. File Verification: This method is optional only for OV and EV certificates.
4	Verifying the Organization (for OV and EV Certificates)	This operation is required only when you apply for an OV, OV Pro, EV, or EV Pro certificate. After the domain name ownership is verified, the CA will initiate organization verification.
5	Issuing an SSL Certificate	When the verification is complete, it takes some time for the CA to approve your verification. For details about the application time, see How Long Does It Take for a CA to Approve an SSL Certificate? The CA will issue the certificate only after they validate your information. An SSL certificate is valid for one year from the time it is issued.
6	Installing an SSL Certificate	You can download the certificate and install it on a server. An SSL certificate cannot enable HTTPS-encrypted communication until it is installed on the web server housing the service.
7	Renewing an SSL Certificate	Since September 1, 2020, global CAs issues only one-year SSL certificates. When a certificate expires, it will no longer be trusted by the browser. You are advised to manually renew the certificate 30 days before it expires to prevent your services from being affected. Renewing an SSL certificate is to apply for a new certificate with the exactly same configurations as the original one. The configurations include the certificate authority, certificate type, domain type, domain quantity, and primary domain name. After you renew a certificate, install the new certificate on your web server to replace the old certificate that is about to expire.
8	Revoking an SSL Certificate	If you no longer need an issued SSL certificate for security reasons or other reasons, for example, the certificate key is lost, you can revoke the certificate on the SCM console. You can revoke a certificate that has been issued by a CA. A revoked certificate is no longer trusted and can no longer be used for certificate-based encryption.

Next topic: Purchasing an SSL Certificate

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel