Updated on 2023-07-26 GMT+08:00

Billing Description

Billing Items

You will be billed based on how many private CAs and private certificates you have.

Billing

Private CAs and private certificates are billed on a pay-per-use basis. A root CA is billed from the moment it is created. Subordinate CAs are not billed until they are activated. Table 1 provides details about how private CAs are billed.

In this billing mode, you pay for what you use based on the actual service duration (in hours), without a minimum fee.

Table 1 Private CA billing description

CA Status

Billed or Not

Remarks

Pending activation

No

A private certificate can be used only after being activated.

Activated

Yes

An activated CA can issue certificates, revoke certificates, and sign CRLs.

NOTICE:

How an activated CA works depends on what type of key it owns.

Disabled

Yes

A disabled CA cannot be used to issue certificates, but it can still revoke certificates and sign CRLs.

NOTICE:

How an activated CA works depends on what type of key it owns.

Pending deletion

  • If a private CA in the Pending deletion status is finally deleted as scheduled, no additional fee is incurred for the pending deletion period.
  • If the deletion is canceled for a private CA in the Pending deletion status, the pending period for the private CA will be billed.

For example, if you delete a private CA at 00:00 on January 1, 2022 and the private CA is deleted seven days later as scheduled, you will not be billed for the seven days. If you cancel the scheduled deletion at 00:00 on January 4, 2022 and the private CA is not deleted, you will still be billed for the CA for the period from 00:00 on January 1, 2022 to 00:00 on January 4, 2022.

NOTICE:

Only Disabled or Expired private CAs can enter into the Pending deletion status when they are deleted. This means when you delete a disabled or expired certificate, it cannot be deleted immediately. It takes at least 7 days for a scheduled deletion to take effect (depending on the delay time you configured).

Only the deletion cancellation is provided.

Expired

Yes

An expired private CA is no longer trusted and cannot issue or revoke certificates or sign CRLs, but it still uses the CA quota and can be exported.

CAUTION:

If you no longer need it, delete it as soon as possible to stop the billing.

Revoked

No

Only subordinate CAs can be revoked. If the CRL function is enabled for their parent CA, the revocation information will be published in the CRL of subordinate CAs. Revoked private CA will no longer be trusted.

Changing Billing Options

Private CAs and private certificates are billed on a pay-per-use basis.

To stop billing for a private CA or certificate, delete it.