How Do I Select an SSL Certificate?
This topic describes all you want to know about how to select an SSL certificate that meets your business needs.
For more details, see Differences Between Certificate Types
Which Certificate Type Is Suitable for Me?
When you purchase SSL certificates, you can select OV, OV Pro, EV, EV Pro, or DV (Basic) for Certificate Type.
- EV certificates are recommended for finance and payment service businesses. For other enterprises, OV or higher-level certificates are recommended.
- For use on mobile devices or in interface invocation, OV or higher-level certificates are recommended.
- If you do not have a business license, you can apply for only basic DV certificates.
Which Certificate Authorities Are Available?
The following table lists the CAs supported by SCM and the certificate types each CA provides.
Certificate Authority |
Description |
SSL DV Certificates Supported |
SSL OV Certificates Supported |
SSL EV Certificates Supported |
---|---|---|---|---|
DigiCert |
DigiCert, formerly Symantec, is the world's largest CA. It provides services for more than 100,000 customers in over 150 countries and regions. Advantages: High security, stability, and compatibility. Suitable for digital transactions with high security requirements and widely used by financial institutions. |
Yes Single-domain and wildcard-domain certificates supported |
Yes Single-domain, multi-domain, wildcard-domain, and IP-address certificates supported |
Yes Single-domain and multi-domain certificates supported |
GeoTrust |
GeoTrust, the world's second largest CA, is an industry-leading provider of identity and trust validation. It is committed to offering the best service at the lowest price possible to enterprises of all sizes. Advantages: Powered by DigiCert. High security, stability, and compatibility, cost-effective, and less know-how required for HTTPS protection |
Yes Single-domain and wildcard-domain certificates supported |
Yes Single-domain, multi-domain, wildcard-domain, and IP-address certificates supported |
Yes Single-domain and multi-domain certificates supported |
GlobalSign |
Founded in 1996, GlobalSign is one of the world's earliest CAs. A trusted CA of SSL digital certificates, they have partnered with many companies around the word. Advantages: Fast issuance and verification Widely used by large e-commerce enterprises (including Huawei Cloud), supported standard RSA+ECC algorithms, less resource required for installation |
No |
Yes Single-domain, multi-domain, wildcard-domain, and IP-address certificates supported |
Yes Single-domain and multi-domain certificates supported |
Promotion activities
- Single domain names (using domain name www.a.com and root domain name a.com as an example)
Figure 1 Promotion activities
- Wildcard domain name (using domain names *.a.com and *.a.b.com as an example)
Figure 2 Promotion activities
Which Domain Type Should I Select?
You need to confirm the types of domain names you want to protect. In SCM, options for Domain Type can be Single domain, Multiple domains, or Wildcard.
Parameter |
Description |
---|---|
Single domain |
Single-domain certificates Only one common domain name can be associated. If you have only one domain name, select Single domain. |
Multiple domains |
Multi-domain certificate
If you have multiple domain names, select Multiple domains. Purchase domain names of the required quantity on the purchase page. |
Wildcard |
Wildcard-domain certificates
If your domain names are of the same level, you can select Wildcard for Domain Type. |
You can use one SSL certificate to protect more than one wildcard domain name and more than one common domain name. For details, see How Do I Apply for a Combination Certificate?
To purchase a wildcard-domain certificate, you need to pay attention to the domain name matching rules. Table 3 are some examples.
Domain name |
Matched Domain Name |
Unmatched Domain Name |
---|---|---|
*.huaweicloud.com |
test.huaweicloud.com, yun.huaweicloud.com, example.huaweicloud.com, and other domain names |
abc.test.huaweicloud.com, yun.test.huaweicloud.com, example.test.huaweicloud.com, and other domain names |
*.test.huaweicloud.com |
abc.test.huaweicloud.com, yun.test.huaweicloud.com, example.test.huaweicloud.com, and other domain names |
abc.huaweicloud.com, yun.huaweicloud.com, example.huaweicloud.com, and other domain names |
- For wildcard-domain certificates, only those associated with root domain names support the domain names. A wildcard-domain certificate can protect matched domain names of the same level but not the tertiary domain names. The matching rules are as follows:
- If the primary domain name for a wildcard-domain certificate is a top-level domain name, the certificate can be used for the primary domain name the wildcard domain matches by default. For example, if you purchase a wildcard-domain certificate for *.huaweicloud.com, you can use the certificate for huaweicloud.com. You do not need to purchase another certificate for huaweicloud.com.
- If the primary domain name for a wildcard-domain certificate is not a top-level domain name, the certificate cannot be for the domain names with levels unmatched the wildcard domain name. For example, a wildcard-domain certificate for *.p1.huaweicloud.com cannot be used for p1.huaweicloud.com or huaweicloud.com. To protect p1.huaweicloud.com or huaweicloud.com, you need to purchase a new certificate.
- If the www subdomain is associated with a certificate, the certificate also protects the root domain. For example:
A certificate purchased for domain www.huaweicloud.com can also protect huaweicloud.com. There is no need to purchase another certificate.
- Once your digital certificate is issued, the associated domain cannot be changed.
Table 4 provides domain type selection examples.
Example Scenario |
Example Domain Name |
Domain Type Selection |
Quantity Selected |
---|---|---|---|
You have only one domain. |
huaweicloud.com |
Single domain |
Single-domain type. The value of Quantity is fixed at 1. |
test.huaweicloud.com |
Single domain |
||
p1.test.huaweicloud.com |
Single domain |
||
You have multiple domains. |
Two domains huaweicloud.com and p1.huawei.com |
Multiple domains |
2 |
Three domains huaweicloud.com, p1.huawei.com, and p1.test.huaweicloud.cn |
Multiple domains |
3 |
|
Four domains huaweicloud.com, test.huaweicloud.cn, p1.test.huaweicloud.cn, and p1.test.yun.huaweicloud.com |
Multiple domains |
4 |
|
You have multiple domains at the same level. |
test.huaweicloud.com, yun.huaweicloud.com, example.huaweicloud.com, and other domain names are the same level and are part of *.huaweicloud.com. |
Wildcard domain |
Wildcard domain type. The value of Quantity is fixed at 1. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot