Updated on 2024-09-18 GMT+08:00

How Do I Select an SSL Certificate?

This topic describes how to select an SSL certificate that meets your business needs.

For more details, see Differences Between Certificate Types.

Which Certificate Type Is Suitable for Me?

When you purchase SSL certificates, you can select OV, OV Pro, EV, EV Pro, or DV (Basic) for Certificate Type.

  • EV certificates are recommended for finance and payment service businesses. For other enterprises, OV or higher-level certificates are recommended.
  • For use on mobile devices or in interface invocation, OV or higher-level certificates are recommended.
  • If you do not have a business license, you can apply only for basic DV certificates.

Which Certificate Authorities Are Available?

The following table lists the CAs supported by SCM and the certificate types each CA provides.

Table 1 Certificate authorities

| Certificate Authority | Description | SSL DV Certificates Supported | SSL OV Certificates Supported | SSL EV Certificates Supported |
| --- | --- | --- | --- | --- |
| DigiCert | DigiCert, formerly Symantec, is the world's largest CA. It provides services for more than 100,000 customers in over 150 countries and regions. Advantages: High security, stability, and compatibility. Suitable for digital transactions with high security requirements and widely used by financial institutions. | Yes. Single-domain certificates supported | Yes. Single-domain, multiple-domain, and wildcard-domain certificates supported | Yes. Single-domain and multi-domain certificates supported |
| GeoTrust | GeoTrust, the world's second largest CA, is an industry-leading provider of identity and trust validation. It is committed to offering the best service at the lowest price possible to enterprises of all sizes. Advantages: Powered by DigiCert. High security, stability, and compatibility, cost-effective, and less know-how required for HTTPS protection | Yes. Single-domain and wildcard-domain certificates supported | Yes. Single-domain and wildcard-domain certificates supported | Yes. Single-domain and multi-domain certificates supported |

Promotion activities

  • Single domain names (using domain name www.a.com and root domain name a.com as an example)
    Figure 1 Promotion activities
  • Wildcard domain name (using domain names *.a.com and *.a.b.com as an example)
    Figure 2 Promotion activities

Which Domain Type Should I Select?

You need to confirm the types of domain names you want to protect. In SCM, options for Domain Type can be Single domain, Multiple domains, or Wildcard.

Table 2 Domain Type

Parameter

Description

Single domain

Single-domain certificates

Only one common domain name can be associated.

If you have only one domain name, select Single domain.

Multiple domains

Multi-domain certificate

  • Multiple domain names can be added to a certificate, and each of them is a single domain name. For example, you can use one multi-domain certificate to protect domains example.com, example.cn, and test.com.
  • You need to configure the domain quantity based on the number of domains you need to protect with a single multi-domain certificate.
  • CAs offer different promotion activities for www subdomain names. For details, see Which Certificate Authorities Are Available? The following uses the subdomain name www.a.com and the root domain name a.com as an example to show the differences.
    • For DigiCert and GeoTrust certificates, you can purchase a certificate for either the root domain or the subdomain to protect both domains at the same time. For example, if you plan to purchase a multi-domain certificate issued by DigiCert or GeoTrust and expect to use this certificate to protect www.a.com and a.com, just associate www.a.com or a.com with the certificate.
  • The number of domain names ranges from 2 to 250. A maximum of 250 domain names can be protected with a certificate.

If you have multiple domain names, select Multiple domains. Purchase the required quantity of domain names on the purchase page.

Wildcard

Wildcard-domain certificates

  • Only one wildcard domain name can be associated.
  • A wildcard domain name is one that starts with a wildcard (*), for example, *.huaweicloud.com or *.example.huaweicloud.com.
  • Only same-level matching is supported. For example, a certificate associated with *.huaweicloud.com can protect p1.huaweicloud.com but not p2.p1.huaweicloud.com. If you need to protect p2.p1.huaweicloud.com, purchase a wildcard-domain certificate for *.p1.huaweicloud.com. For more examples of the level matching rules, see Table 3.

If your domain names are of the same level, you can select Wildcard for Domain Type.

You can use one SSL certificate to protect more than one wildcard domain name and more than one common domain name. For details, see How Do I Apply for a Combination Certificate?

Before purchasing a wildcard-domain certificate, check the domain name matching rules. Table 3 lists some examples.

Table 3 Examples of wildcard-domain matching rules

| Domain Name | Matched Domain Name | Unmatched Domain Name |
| --- | --- | --- |
| *.huaweicloud.com | test.huaweicloud.com, yun.huaweicloud.com, example.huaweicloud.com, and other domain names | abc.test.huaweicloud.com, yun.test.huaweicloud.com, example.test.huaweicloud.com, and other domain names |
| *.test.huaweicloud.com | abc.test.huaweicloud.com, yun.test.huaweicloud.com, example.test.huaweicloud.com, and other domain names | abc.huaweicloud.com, yun.huaweicloud.com, example.huaweicloud.com, and other domain names |

  • For wildcard-domain certificates, only those whose wildcard sits directly under a root domain name also cover that root domain name. A wildcard-domain certificate protects matching domain names at the same level, but not domain names at a deeper level, such as tertiary domain names. The matching rules are as follows:
    • If the primary domain name of a wildcard-domain certificate is a top-level domain name, the certificate also covers that primary domain name by default. For example, if you purchase a wildcard-domain certificate for *.huaweicloud.com, you can use the certificate for huaweicloud.com. You do not need to purchase another certificate for huaweicloud.com.
    • If the primary domain name of a wildcard-domain certificate is not a top-level domain name, the certificate cannot be used for domain names whose level does not match the wildcard domain name. For example, a wildcard-domain certificate for *.p1.huaweicloud.com cannot be used for p1.huaweicloud.com or huaweicloud.com. To protect p1.huaweicloud.com or huaweicloud.com, you need to purchase a new certificate.
  • If the www subdomain is associated with a certificate, the certificate also protects the root domain. For example:

    A certificate purchased for domain www.huaweicloud.com can also protect huaweicloud.com. There is no need to purchase another certificate.

  • Once your digital certificate is issued, the associated domain cannot be changed.
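
Because the associated domain cannot be changed after issuance, it helps to check a planned host list against these matching rules before purchase. The following Python code is an added example, not code from SCM or any CA; the function names `covers` and `uncovered` and the sample host list are hypothetical, and the root domain is passed in explicitly as an assumption, because deriving it reliably requires the Public Suffix List.

```python
def _norm(name: str) -> str:
    """Lower-case a DNS name and drop surrounding space and a trailing dot."""
    return name.strip().rstrip(".").lower()


def covers(cert_name: str, host: str, root: str) -> bool:
    """Return True if a certificate bound to cert_name protects host,
    following the matching rules described on this page."""
    cert_name, host, root = _norm(cert_name), _norm(host), _norm(root)
    if cert_name.startswith("*."):
        base = cert_name[2:]
        if host == base:
            # The wildcard also covers its base only when the base is the root domain.
            return base == root
        suffix = "." + base
        if not host.endswith(suffix):
            return False
        label = host[: -len(suffix)]
        # Same-level matching: the wildcard stands for exactly one label.
        return bool(label) and "." not in label and "*" not in label
    if host == cert_name:
        return True
    # The root domain and its www subdomain are protected together.
    return {cert_name, host} == {root, "www." + root}


def uncovered(hosts, cert_names, root):
    """List the hosts that none of the planned certificate names protects."""
    return [h for h in hosts if not any(covers(c, h, root) for c in cert_names)]


# Constructed sample data for illustration.
ROOT = "huaweicloud.com"
PLANNED_HOSTS = ["huaweicloud.com", "p1.huaweicloud.com", "p2.p1.huaweicloud.com"]

if __name__ == "__main__":
    for gap in uncovered(PLANNED_HOSTS, ["*.huaweicloud.com"], ROOT):
        print("not covered:", gap)
```

This models the purchase-time rules on this page; after issuance, confirm the names actually listed in the certificate's Subject Alternative Name extension, since that list is what TLS clients verify.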

Table 4 provides domain type selection examples.

Table 4 Domain type selection examples

| Example Scenario | Example Domain Name | Domain Type Selection | Quantity Selected |
| --- | --- | --- | --- |
| You have only one domain. | huaweicloud.com | Single domain | Single-domain type. The value of Quantity is fixed at 1. |
| You have only one domain. | test.huaweicloud.com | Single domain | Single-domain type. The value of Quantity is fixed at 1. |
| You have only one domain. | p1.test.huaweicloud.com | Single domain | Single-domain type. The value of Quantity is fixed at 1. |
| You have multiple domains. Two domains | huaweicloud.com and p1.huawei.com | Multiple domains | 2 |
| You have multiple domains. Three domains | huaweicloud.com, p1.huawei.com, and p1.test.huaweicloud.cn | Multiple domains | 3 |
| You have multiple domains. Four domains | huaweicloud.com, test.huaweicloud.cn, p1.test.huaweicloud.cn, and p1.test.yun.huaweicloud.com | Multiple domains | 4 |
| You have multiple domains at the same level. | test.huaweicloud.com, yun.huaweicloud.com, example.huaweicloud.com, and other domain names are the same level and are part of *.huaweicloud.com. | Wildcard domain | Wildcard domain type. The value of Quantity is fixed at 1. |