Updated on 2023-10-20 GMT+08:00

How Can I Apply for a Test SSL Certificate?

In Huawei Cloud SCM, you can get free single-domain basic DV certificates issued by DigiCert. The validity period of such free certificates is one year.

Prerequisites

The account for purchasing a certificate has the SCM Administrator/SCM FullAccess, BSS Administrator, and DNS Administrator permissions.

  • BSS Administrator: has all permissions on account center, billing center, and resource center. It is a project-level role, which must be assigned in the same project.
  • DNS Administrator: has full permissions for DNS.

For details, see Permissions Management.

Constraints

  • You can apply for a maximum of 20 test certificates under each account. In SCM, only one test certificate can be applied for at a time.
    • Deleted certificates and revoked certificates are all counted towards the test certificate quota.
    • Your account and the IAM users created under your account share the quota of the 20 test certificates. For example, if an account has applied for 20 test certificates, no test certificate quota can be used by this account or the IAM users created by it.
    • If your Huawei Cloud account has used up the quota of 20 test SSL certificates but you still want to apply for more SSL test certificates, purchase the DigiCert DV (basic) single-domain certificate package to increase your test certificate quota. For details, see What Can I Do If My Test Certificate Quota Is Used Up?
  • One test SSL certificate can be used for only one single domain name.
  • Test certificates cannot be used to protect IP addresses or wildcard domain names.
  • By default, DNS verification is used to verify the domain ownership of a test certificate.
  • The trust and security levels of test certificates are low. They are recommended only for testing.
  • For DigiCert DV (Basic) free certificates, no free technical support or installation guide is provided.
  • A test certificate cannot be renewed. After a test certificate expires, it cannot be used anymore. If you still need an SSL certificate, create one in CCM.

Step 1: Creating a Free Certificate (Method 1)

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > Cloud Certificate Management Service. The service console is displayed.
  3. In the navigation pane, choose SSL Certificate Manager > SSL Certificates.
  4. In the certificate list, click Create Test Certificate.

    The numbers displayed next to the Create Test Certificate button indicate the remaining quota and total quota of test certificates you can create. For example, if 13/20 is displayed, you can create 13 more test certificates and can create up to 20 test certificates.

  5. Read and select I have read and agree to the Cloud Certificate Manager Statement. Then, click OK.
  6. You can view the created test certificate on the Test Certificates tab on the SSL Certificates page.

    If the test certificate is not displayed in the certificate list, refresh the page.

Step 1: Creating a Free Certificate (Method 2)

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > Cloud Certificate Management Service. The service console is displayed.
  3. In the navigation pane, choose SSL Certificate Manager > SSL Certificates.
  4. In the upper right corner of the page, click Buy Certificate to go to the certificate purchase page.
  5. On the certificate purchase page, set parameters.
    • Domain Type: Select Single domain.
    • Certificate Type: Select DV (Basic).
    • Certificate Authority: Select DigiCert.
    • After you select a certificate type and CA, other parameters, such as Domain Quantity, Validity Period, and Quantity, are configured automatically.
    Figure 1 Free certificate configuration
  6. Click Next.
  7. Confirm the order information and agree to the CCM statement by selecting I have read and agree to the Cloud Certificate Manager Statement. Click Pay.
  8. On the displayed page, select a payment method.

    After you pay for the order, you can view the created test certificate on the Test Certificates tab on the SSL Certificates page.

Step 2: Submit a Certificate Application to the CA

After you create a test certificate, associate a domain name with the certificate, provide additional details, and then submit the application for approval.

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > Cloud Certificate Management Service. The service console is displayed.
  3. In the navigation pane, choose SSL Certificate Manager > SSL Certificates.
  4. In the certificate list, locate the row that contains the free certificate, and click Apply for Certificate in the Operation column.
  5. On the displayed page, enter the domain name and contact information.
    1. Enter the domain name information. Table 1 describes the parameters.
      Figure 2 Domain name configuration
      Table 1 Domain name parameters

      Parameter: CSR
      Description: To obtain an SSL certificate, a Certificate Signing Request (CSR) file needs to be submitted to the CA for review. A CSR contains a public key and a distinguished name (DN). Typically, a CSR is generated by a web server. A pair of public and private keys is created along with the CSR.
        Options:
        • System generated CSR: The system automatically generates a certificate private key. Once the certificate is issued, you can download your certificate and private key on the certificate management page.
        • Upload a CSR: You need to manually generate a CSR file and paste the content of the generated CSR file into the text box. For more details, see How Do I Make a CSR File?
      Example Value: System generated CSR

      Parameter: Domain Name
      Description: The domain name for which the certificate is used.
        Example: If your domain is www.domain.com, enter www.domain.com for Domain Name.
        To associate a Chinese domain name with a certificate, use Punycode to encode the Chinese domain name and then enter the encoded data.
        For example, if the encoded data is xn--siq1ht8k.com, set this parameter to xn--siq1ht8k.com.
      Example Value: www.domain.com

    2. Click Next. The Provide Organization/Authorization Details page is displayed.
    3. Enter the company contact information. Table 2 describes the parameters.
      Figure 3 Configuring authorization information
      Table 2 Parameter description

      Parameter: Company Contact/Authorizing Person Information
      Description: You only need to enter the name, phone number, and email address of the contact.
        To get your certificate issued quickly, the phone number and email address entered must be valid.
      Example Value: None

      Parameter: (Optional) Technical Contact Information
      Description: The parameter is optional. You can skip it.
      Example Value: None

  6. After confirming that the entered information is correct, read through the Cloud Certificate Manager Statement, Privacy Statement, and the authorization statement, and check the box to agree to the disclaimer and statements.
  7. Click Submit.

    The system will submit your application to the CA. During the approval process, make sure that you can be reached by phone and that you regularly check for emails from the CA.
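
A pre-submission check for the Domain Name field, added here as an example (it is not Huawei Cloud code): it applies the test certificate constraints listed above (one domain name, no wildcard, no IP address) and Punycode-encodes a non-ASCII name. The function name and the sample inputs are assumptions; 中国.com is a constructed sample.

```python
import ipaddress
import re

# LDH rule for one ASCII label: letters, digits, hyphen; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize_test_cert_domain(value: str) -> str:
    """Return the ASCII form to enter as Domain Name, or raise ValueError.

    Hypothetical helper: the name and error texts are not part of any SCM API.
    """
    name = value.strip().rstrip(".").lower()
    if not name or re.search(r"[\s,;]", name):
        raise ValueError("exactly one domain name is required")
    if "*" in name:
        raise ValueError("wildcard domain names are not supported")
    try:
        ipaddress.ip_address(name)
    except ValueError:
        pass  # not an IP literal, which is what a test certificate needs
    else:
        raise ValueError("IP addresses are not supported")
    try:
        # Python's built-in codec implements IDNA 2003 (RFC 3490) Punycode.
        ascii_name = name.encode("idna").decode("ascii")
    except UnicodeError as exc:
        raise ValueError(f"cannot Punycode-encode {value!r}: {exc}") from exc
    labels = ascii_name.split(".")
    if len(labels) < 2 or len(ascii_name) > 253:
        raise ValueError("a fully qualified domain name is required")
    if not all(_LABEL.match(label) for label in labels):
        raise ValueError(f"invalid label in {ascii_name!r}")
    return ascii_name


if __name__ == "__main__":
    # Constructed sample inputs, including values the constraints reject.
    samples = ["www.domain.com", "中国.com", "xn--siq1ht8k.com",
               "*.domain.com", "192.0.2.10", "a.com, b.com"]
    for sample in samples:
        try:
            print(f"{sample!r:22} -> {normalize_test_cert_domain(sample)}")
        except ValueError as err:
            print(f"{sample!r:22} rejected: {err}")
```
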

Step 3: Verify Domain Ownership by DNS

Domain name ownership verification by DNS verifies that you own a domain name by resolving a specific DNS record on the platform hosting the domain name. To this end, you need to add a DNS record for your domain name on the platform. For example, if you purchase a domain name from company A, you need to add a TXT DNS record for your domain name on the domain name management platform of company A. For details about how to verify domain name ownership by DNS, see Verifying Domain Ownership by Resolving the DNS Record.

  • If you apply for a domain name on Huawei Cloud and the domain name has been resolved by Huawei Cloud DNS, the system automatically adds DNS records for verification.
  • If your domain name is hosted on other platforms, such as www.net.cn, www.xinnet.com, and www.dnspod.cn, you need to go to the DNS service provider of the domain name to perform the verification.

    For more details, see DNS Verification.

  • After you submit the certificate application to a CA, complete the configuration of domain name verification based on the information displayed on the certificate list page, or your certificate will remain in the Pending domain name verification state and will fail the verification.
  • After you complete the DNS verification on your side, it still takes a while for the CA to review your DNS verification results.

Step 4: Issue the Certificate

After the domain name ownership is verified using DNS, it takes some time for the CA to approve your application. The CA will issue the certificate only after they validate your information.

The certificate takes effect immediately upon issuance. You can deploy the certificate to other cloud products on Huawei Cloud or download the certificate and deploy it on a server.

After you submit an application, the CA checks the domain ownership or organization verification status at the following frequency:
  • 0 to 1 hour after the application is submitted: The CA checks the verification status every 15 minutes. Generally, if the configuration is correct, the certificate is issued within 10 to 20 minutes.
  • 1 to 4 hours after the application is submitted: The CA checks the verification every 30 minutes.
  • 4 to 24 hours after the application is submitted: The CA checks the verification every hour.
  • 1 to 7 days after the application is submitted: The CA checks the verification every 4 hours.
  • If the required verification is still not complete more than 7 days after the application is submitted, the order times out and is automatically canceled. In this case, locate the causes and solve the problem by referring to Why Does the Certificate Stay in the CA Verifying Status for a Long Time?
