Purchasing an SSL Certificate
In CCM, you can buy and request for many types of SSL certificates from multiple certificate authorities who win the trust globally.
Prerequisites
The account for purchasing a certificate has the SCM Administrator/SCM FullAccess, BSS Administrator, and DNS Administrator permissions.
- BSS Administrator: has all permissions on account center, billing center, and resource center. It is a project-level role, which must be assigned in the same project.
- DNS Administrator: has full permissions for DNS.
For details, see Permissions Management.
Constraints
Special enterprises cannot apply for OV or EV certificates. For example, military units, some government agencies, and national security departments.
To apply for OV and EV certificates, organizations must verify their identity through unified social credit code published on the national official website. While, special enterprises cannot verify their organization identity because there is no related details on that website.
Procedure
- Log in to the management console.
- Click in the upper left corner of the page and choose . The service console is displayed.
- In the navigation pane on the left, choose SSL Certificate Manager. In the upper right corner of the page, click Buy Certificate.
- On the page for purchasing a certificate, specify Domain Type, Domain Quantity, Certificate Type, Certificate Authority, Validity Period,, Quantity, and Tags, as shown in the following figure.
Figure 1 Certificate selection
- Domain Type: Select a domain name type.
Only Single domain, Multiple domains, or Wildcard can be selected for your certificates. For details about the parameters, see Table 1.
Table 1 Domain types Domain Type
Description
Single domain
Only a single domain can be associated with an SSL certificate. For example, example.com.
Multiple domains
Multiple domain names can be associated with an SSL certificate.
- You can associate a multi-domain certificate with up to 250 domain names.
- A wildcard domain name is allowed only by OV or OV pro multi-domain certificates. Other types of multi-domain certificates can only associate with multiple single domain names
- You can associate a multi-domain certificate with multiple domain names at different time points. For example, if you purchase a multi-domain certificate with three domain names, you can associate it with two domain names when applying for the certificate, and associate it with the last domain name after the certificate is issued.
- The number of domain names a multi-domain certificate can protect depends on the domain quantity you configure when you buy the certificate. If you have more domain names to protect after the purchase completes, purchase another certificate for them.
Wildcard domain
Only one wildcard domain can be associated with an SSL certificate. Domain names having multiple wildcard characters, such as *.*.example.com, are not supported.
Only one wildcard character is allowed in a wildcard domain name, for example, *.example.com, which may include domain names a.example.com, b.example.com, and more, but does not include a.a.example.com.
For details about how to select a domain type, see How Do I Select an SSL Certificate?
- Set the domain quantity.
- If the Domain Type value is Single domain or Wildcard, you can only associate one domain name with a certificate.
- If you select Multiple domains for Domain Type, you can associate 2 to 250 domain names with a certificate. Set the quantity of domain names based on your needs.
- Select a certificate type.
For more details, see Table 2.
Table 2 Certificate types Certificate Type
Application Scenario
Verification Requirements
Security
Approval Period
EV Pro
Websites, applications, and applets of large enterprises or organizations, such as government departments, e-commerce platforms, online education agencies, financial institutions, and healthcare agencies. EV Pro certificates use stronger encryption algorithms than EV certificates.
CAs will verify the organization identity and the domain name ownership.
Highest
7 to 10 working days
EV
Websites, applications, and applets of large enterprises or organizations, such as government departments, e-commerce platforms, online education agencies, financial institutions, and healthcare agencies
CAs will verify the organization identity and the domain name ownership.
Highest
7 to 10 working days
OV Pro
Websites, applications, and applets of small and medium-sized enterprises. OV Pro certificates use stronger encryption algorithms than OV certificates.
CAs will verify the organization identity and the domain name ownership.
High
3 to 5 working days
OV
Websites, applications, and applets of small and medium-sized enterprises
The CA follows a standard process to validate the organization identity and the domain name ownership.
High
3 to 5 working days
DV (Basic)
Personal websites and enterprise tests.
The CA verifies the domain name ownership only.
General
Several hours
For more details, see Differences Between Certificate Types
- Select a certificate authority.
DigiCert and GeoTrust are available CAs in CCM. For more details, see Differences Between Certificates Types.
DigiCert and Geotrust certificates will be issued using the DigiCert Global Root G2 root certificates since December 1, 2024. For details about certificate chain changes, see [October 28, 2024] Notice on Switching the DigiCert Root Certificate.
- Set Validity Period. The default value is 1 year.
The validity period of a certificate starts from the time the certificate is issued. After a certificate expires, a new one must be purchased.
If you have not enabled auto-renewal, manually renew the certificate or purchase another one 3 to 10 working days before it expires. If you have enabled auto-renewal, check the validation emails from the CA and finish required verification 3 to 10 working days before it expires to ensure that the certificate is valid before the CA validates your verification and issues a new certificate.
- Set the number of certificates you want to buy in the Quantity field.
- (Optional) Tags: Add a tag to the purchased certificate. For details, see Creating a Tag.
- Domain Type: Select a domain name type.
- Click Next.
If you have any questions about the pricing, click Pricing Details.
- If you want to purchase a GeoTrust or DigiCert certificate, a dialog box is displayed. Read the information carefully and click OK.
- Confirm the order information and agree to the CCM statement by selecting I have read and agree to the Cloud Certificate Manager Statement. Click Pay.
- On the displayed page, select a payment method.
After the payment is successful, you can go to the
page to view certificates you purchased.- To view your paid certificates, click the tab.
- To view your test certificates, click the tab.
Follow-up Procedure
After you purchase an SSL certificate, you still need to associate a domain name with it, provide certain details, and then submit it to the corresponding CA for approval. The CA reviews your application and issues the certificate when they consider your application valid. For details, see Submitting an SSL Certificate Application to the CA.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot