About SCM and SSL Certificate Usage

SCM provides certificates of multiple types issued by different CAs. For more details, see Differences Between SSL Certificate Types. This document describes the process of how to purchase and use an SSL certificate.

With an SSL certificate deployed on your web server, the server uses HTTPS to establish encrypted links to the client, ensuring data transmission security.

For details, see Figure 1 and Table 1.

Figure 1 Certificate usage process

**Table 1** Certificate usage process
Step	Operation	Description
1	Purchasing an SSL Certificate	On the SCM platform, purchase an SSL certificate for your domain name. For more details, see Differences Between SSL Certificate Types and How Do I Select an SSL Certificate?
2	Submitting an SSL Certificate Application to the CA	After you purchase a certificate, associate it with a domain name, provide additional details, and then submit the application to the CA for validation.
3	Verifying the Domain Name Ownership	You need to work with the CA to complete the domain name ownership verification. SCM provides the following domain name ownership verification methods: Automatic DNS verification can be used for certificates that meet stated conditions. Manual DNS verification: suitable for all types of certificates. Email verification: suitable for OV and EV certificates only. File Verification: This method is optional only for OV and EV certificates.
4	Verifying the Organization (for OV and EV Certificates)	This operation is required only when you apply for an OV, OV Pro, EV, or EV Pro certificate. After the domain name ownership is verified, the CA will initiate organization verification.
5	Issuing an SSL Certificate	When the verification is complete, it takes some time for the CA to approve your verification. For details, see How Long Does It Take to Approve an SSL Certificate? The CA will issue the certificate only after they validate your information. An SSL certificate is valid for one year from the time it is issued.
6	Installing an SSL Certificate	You can deploy the issued certificate in other Huawei Cloud services in just a few clicks or download the certificate and install it on a server. You can use SCM to quickly deploy SSL certificates to other cloud services to improve their data access security. An SSL certificate cannot enable HTTPS-encrypted communication until it is installed on the web server housing the service.
7	Renewing an SSL Certificate	Since September 1, 2020, global CAs issues only one-year SSL certificates. When a certificate expires, it will no longer be trusted by the browser. You are advised to enable auto-renewal or manually renew the certificate 30 days before it expires to prevent your services from being affected. Renewing an SSL certificate is to apply for a new certificate with the exactly same configurations as the original one. The configurations include the certificate authority, certificate type, domain type, domain quantity, and primary domain name. After you renew a certificate, install the new certificate on your web server or deploy it on other Huawei Cloud services to replace the old certificate that is about to expire.
8	Revoking an SSL Certificate	If you no longer need an issued SSL certificate for security reasons or other reasons, for example, the certificate key is lost, you can revoke the certificate on the SCM console. You can revoke a certificate that has been issued by a CA. A revoked certificate is no longer trusted and can no longer be used for certificate-based encryption.