Updated on 2024-09-18 GMT+08:00

Purchasing an SSL Certificate

In CCM, you can buy and request for many types of SSL certificates from multiple certificate authorities who win the trust globally.

Prerequisites

The account for purchasing a certificate has the SCM Administrator/SCM FullAccess, BSS Administrator, and DNS Administrator permissions.

  • BSS Administrator: has all permissions on account center, billing center, and resource center. It is a project-level role, which must be assigned in the same project.
  • DNS Administrator: has full permissions for DNS.

For details, see Permissions Management.

Constraints

Special enterprises cannot apply for OV or EV certificates. For example, military units, some government agencies, and national security departments.

To apply for OV and EV certificates, organizations must verify their identity through unified social credit code published on the national official website. While, special enterprises cannot verify their organization identity because there is no related details on that website.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > Cloud Certificate Management Service. The service console is displayed.
  3. In the navigation pane on the left, choose SSL Certificate Manager. In the upper right corner of the page, click Buy Certificate.
  4. On the page for purchasing a certificate, specify Domain Type, Domain Quantity, Certificate Type, Certificate Authority, Validity Period,, Quantity, and Tags, as shown in the following figure.

    Figure 1 Certificate selection
    1. Domain Type: Select a domain name type.

      Only Single domain, Multiple domains, or Wildcard can be selected for your certificates. For details about the parameters, see Table 1.

      Table 1 Domain types

      Domain Type

      Description

      Single domain

      Only a single domain can be associated with an SSL certificate. For example, example.com.

      Multiple domains

      Multiple domain names can be associated with an SSL certificate.

      • You can associate a multi-domain certificate with up to 250 domain names.
      • A wildcard domain name is allowed only by OV or OV pro multi-domain certificates. Other types of multi-domain certificates can only associate with multiple single domain names
      • You can associate a multi-domain certificate with multiple domain names at different time points. For example, if you purchase a multi-domain certificate with three domain names, you can associate it with two domain names when applying for the certificate, and associate it with the last domain name after the certificate is issued.
      • The number of domain names a multi-domain certificate can protect depends on the domain quantity you configure when you buy the certificate. If you have more domain names to protect after the purchase completes, purchase another certificate for them.

      Wildcard domain

      Only one wildcard domain can be associated with an SSL certificate. Domain names having multiple wildcard characters, such as *.*.example.com, are not supported.

      Only one wildcard character is allowed in a wildcard domain name, for example, *.example.com, which may include domain names a.example.com, b.example.com, and more, but does not include a.a.example.com.

      For details about how to select a domain type, see How Do I Select an SSL Certificate?

    2. Set the domain quantity.
      • If the Domain Type value is Single domain or Wildcard, you can only associate one domain name with a certificate.
      • If you select Multiple domains for Domain Type, you can associate 2 to 250 domain names with a certificate. Set the quantity of domain names based on your needs.
    3. Select a certificate type.

      For more details, see Table 2.

      Table 2 Certificate types

      Certificate Type

      Application Scenario

      Verification Requirements

      Security

      Approval Period

      EV Pro

      Websites, applications, and applets of large enterprises or organizations, such as government departments, e-commerce platforms, online education agencies, financial institutions, and healthcare agencies. EV Pro certificates use stronger encryption algorithms than EV certificates.

      CAs will verify the organization identity and the domain name ownership.

      Highest

      7 to 10 working days

      EV

      Websites, applications, and applets of large enterprises or organizations, such as government departments, e-commerce platforms, online education agencies, financial institutions, and healthcare agencies

      CAs will verify the organization identity and the domain name ownership.

      Highest

      7 to 10 working days

      OV Pro

      Websites, applications, and applets of small and medium-sized enterprises. OV Pro certificates use stronger encryption algorithms than OV certificates.

      CAs will verify the organization identity and the domain name ownership.

      High

      3 to 5 working days

      OV

      Websites, applications, and applets of small and medium-sized enterprises

      The CA follows a standard process to validate the organization identity and the domain name ownership.

      High

      3 to 5 working days

      DV (Basic)

      Personal websites and enterprise tests.

      The CA verifies the domain name ownership only.

      General

      Several hours

      For more details, see Differences Between Certificate Types

    4. Select a certificate authority.

      DigiCert and GeoTrust are available CAs in CCM. For more details, see Differences Between Certificates Types.

    5. Set Validity Period. The default value is 1 year.

      The validity period of a certificate starts from the time the certificate is issued. After a certificate expires, a new one must be purchased.

      If you have not enabled auto-renewal, manually renew the certificate or purchase another one 3 to 10 working days before it expires. If you have enabled auto-renewal, check the validation emails from the CA and finish required verification 3 to 10 working days before it expires to ensure that the certificate is valid before the CA validates your verification and issues a new certificate.

    6. Set the number of certificates you want to buy in the Quantity field.
    7. (Optional) Tags: Add a tag to the purchased certificate. For details, see Creating a Tag.

  5. Click Next.

    If you have any questions about the pricing, click Pricing Details.

  6. Confirm the order information and agree to the CCM statement by selecting I have read and agree to the Cloud Certificate Manager Statement. Click Pay.
  7. On the displayed page, select a payment method.

    After the payment is successful, you can go to the SSL Certificate Manager > SSL Certificates page to view certificates you purchased.

    • To view your paid certificates, click the SSL Certificates tab.
    • To view your test certificates, click the Test Certificates tab.

Follow-up Procedure

After you purchase an SSL certificate, you still need to associate a domain name with it, provide certain details, and then submit it to the corresponding CA for approval. The CA reviews your application and issues the certificate when they consider your application valid. For details, see Submitting an SSL Certificate Application to the CA.