How Can I Apply for a Test SSL Certificate?
In Huawei Cloud SCM, DigiCert provides three-month single-domain basic DV certificates as test certificates.
Prerequisites
The account for purchasing a certificate has the SCM Administrator/SCM FullAccess, BSS Administrator, and DNS Administrator permissions.
- BSS Administrator: has all permissions on account center, billing center, and resource center. It is a project-level role, which must be assigned in the same project.
- DNS Administrator: has full permissions for DNS.
For details, see Permissions Management.
Constraints
- You can apply for a maximum of 20 test certificates under each account. In SCM, only one test certificate can be applied for at a time.
- Once you purchase a test certificate, it will be counted towards the quota even if you delete it after submitting the application or revoke it after it is issued.
- Your account and the IAM users created under your account share the quota of the 20 test certificates. For example, if an account has applied for 20 test certificates, no test certificate quota is available for this account or the IAM users it creates.
- If your Huawei Cloud account has used up the quota of 20 test SSL certificates but you still want to apply for more SSL test certificates, purchase the DigiCert DV (basic) single-domain certificate package to increase your test certificate quota. For details, see What Can I Do If My Test Certificate Quota Is Used Up?
- One test SSL certificate can be used for only one single domain name.
- Test certificates cannot be used to protect IP addresses or wildcard domain names.
- By default, DNS verification is used to verify the domain ownership of a test certificate.
- The trust and security level of test certificates are low. They are recommended only for testing.
- For DigiCert DV (Basic) free certificates, no free technical support or installation guide is provided.
- A test certificate cannot be renewed. After a test certificate expires, it cannot be used anymore. If you still need an SSL certificate, create one in CCM.
Step 1: Creating a Free Certificate (Method 1)
- Log in to the management console.
- Click in the upper left corner of the page and choose . The service console is displayed.
- In the navigation pane, choose SSL Certificate Manager > SSL Certificates.
- In the certificate list, click Create Test Certificate.
The numbers displayed next to the Create Test Certificate button indicate the remaining quota and total quota of test certificates you can create. For example, if 13/20 is displayed, you can create 13 more test certificates and can create up to 20 test certificates.
- Read and select I have read and agree to the Cloud Certificate Manager Statement. Then, click OK.
- You can view the created test certificate on the Test Certificates tab on the SSL Certificates page.
If the test certificate is not displayed in the certificate list, refresh the page.
Step 1: Creating a Free Certificate (Method 2)
- Log in to the management console.
- Click in the upper left corner of the page and choose . The service console is displayed.
- In the navigation pane, choose SSL Certificate Manager > SSL Certificates.
- In the upper right corner of the page, click Buy Certificate to go to the certificate purchase page.
- On the certificate purchase page, set parameters.
- Domain Type: Select Single domain.
- Certificate Type: Select DV (Basic).
- Certificate Authority: Select DigiCert.
- After you select a certificate type and CA, other parameters, such as Domain Quantity, Validity Period, and Quantity, are configured automatically.
Figure 1 Free certificate configuration
- Click Next.
- Confirm the order information and agree to the CCM statement by selecting I have read and agree to the Cloud Certificate Manager Statement. Click Pay.
- On the displayed page, select a payment method.
After you pay for the order, you can view the created test certificate on the Test Certificates tab on the SSL Certificates page.
Step 2: Submit a Certificate Application to the CA
After you create a test certificate, associate a domain name with the certificate, provide additional details, and then submit the application for approval.
- On the SSL Certificates page, click the Operation column of the row containing the target test certificate, click Apply for Certificate. tab. In the
- On the displayed page, enter the domain name and contact information.
- Enter the domain name information. Table 1 describes the parameters.
Figure 2 Domain name configuration
Table 1 Domain name parameters Parameter
Description
Example Value
CSR
To obtain an SSL certificate, a Certificate Signing Request (CSR) file needs to be submitted to the CA for review. A CSR contains a public key and a distinguished name (DN). Typically, a CSR is generated by a web server. A pair of public and private keys are created along with the CSR.
Options:- System generated CSR: The system automatically generates a certificate private key. Once the certificate is issued, you can download your certificate and private key on the certificate management page.
- Upload a CSR: You need to manually generate a CSR file and paste the content of the CSR file generated into the text box. For more details, see How Do I Make a CSR File?
System generated CSR
Domain Name
The domain name for which the certificate is used
Example: If your domain is www.domain.com, enter www.domain.com for Domain Name.
To associate a Chinese domain name with a certificate, use encoding tool Punycode to encode the Chinese domain name and then enter the encoded data.
For example, if the encoded data is xn--siq1ht8k.com, set this parameter to xn--siq1ht8k.com.
www.domain.com
- Click Next. The Provide Organization/Authorization Details page is displayed.
- Enter the company contact information. Table 2 describes the parameters.
Figure 3 Configuring authorization information
Table 2 Parameter description Parameter
Description
Example Value
Company Contact/Authorizing Person Information
You only need to enter the name, phone number, and email address of the contact.
To get your certificate issued quickly, the phone number and email address entered must be valid.
None
(Optional) Technical Contact Information
The parameter is optional. You can skip it.
None
- Enter the domain name information. Table 1 describes the parameters.
- After confirming that the entered information is correct, read through the Cloud Certificate Manager Statement, Privacy Statement, and the authorization statement, and check the box to agree to the disclaimer and statements
- Click Submit.
The system will submit your application to the CA. During the approval process, make sure that you can be reached by phone and that you regularly check for emails from the CA.
Step 3: Verify Domain Ownership by DNS
Domain name ownership verification by DNS is to verify domain ownership by resolving a specific DNS record on the platform hosting the domain name. To this end, you need to add a DNS record for your domain name on the platform. For example, if you purchase a domain name from company A, you need to add a TXT DNS record for your domain name on the domain name management platform of company A. For details about how to verify domain name ownership by DNS, see Verifying Domain Ownership by Resolving the DNS Record.
- If you apply for a domain name on Huawei Cloud and the domain name has been resolved by Huawei Cloud DNS, the system automatically adds DNS records for verification.
- If your domain name is hosted on other platforms, such as www.net.cn, www.xinnet.com, and www.dnspod.cn, you need to go to the DNS service provider of the domain name to perform the verification.
For more details, see DNS Verification.
- After you submit a certificate application to a CA, complete the domain name ownership verification by DNS as required, or your certificate will be stuck in the Pending domain name verification state and will the CA's validation.
- After you complete the DNS verification on your side, it still takes a while for the CA to review your DNS verification results.
Step 4: Issue the Certificate
After the domain name ownership is verified using DNS, it takes some time for the CA to approve your application. The CA will issue the certificate only after they validate your information.
The certificate takes effect immediately upon issuance. You can deploy the certificate to other cloud products on Huawei Cloud or download the certificate and deploy it on a server.
- 0 to 1 hour after the application is submitted: The CA checks the verification status every 15 minutes. Generally, if the configuration is correct, the certificate is issued within 10 to 20 minutes.
- 1 to 4 hours after the application is submitted: The CA checks the verification every 30 minutes.
- 4 to 24 hours after the application is submitted: The CA checks the verification every hour.
- 1 to 7 days after the application is submitted: The CA checks the verification every 4 hours.
- If you did not complete the required verification over 7 days after the application is submitted, the order times out and is automatically canceled. In this case, locate the causes and solve the problem by referring to Why Does the Certificate Stay in the CA Verifying Status for a Long Time?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot