Why Alibaba Cloud Certificate Management Service?
Digital certificates provide a secure and trusted method to encrypt communications, verify identities, protect data integrity, and establish trust relationships between communicating parties. Digital certificates are an important tool that is used to protect sensitive information and meet security requirements. Alibaba Cloud Certificate Management Service provides a convenient, secure, and reliable certificate management solution that integrates SSL certificate lifecycle management on the cloud and digital certificate applications.
-
Direct Purchase from CAs CA/B
Certificate applications are submitted for approval to global leading CAs, such as DigiCert and GlobalSign. This way, certificates that have high security, trust levels, and reliability are issued.
-
Automated Management
Certificate Management Service provides the automated certificate management feature. The feature automatically detects and renews certificates that are about to expire, monitors the status of certificates in real time, and supports alerting.
-
Quick Deployment to Cloud Services
You can log on to the Certificate Management Service console to deploy certificates to cloud services such as WAF, ALB, and NLB with a few clicks. Certificate Management Service is developing support for more cloud services.
-
7-day Money-back Guarantee
After you place a purchase order, you are eligible for a 7-day money-back guarantee in the following conditions: A certificate application is not submitted, no gateway resource calculation quantity (GRCQ) quota is consumed by using the HTTPS acceleration gateway feature, or the root CA or intermediate CA that is enabled for private certificates is reset.
-
Various API Operations
You can call API operations for full-lifecycle certificate management, including certificate purchase, application, issuance, download, and upload. The API operations help you implement automated certificate management and improve efficiency and flexibility.
-
Tools
Certificate Management Service provides free features, including SSL certificate format conversion and certificate status detection. You can use the same certificate on different systems and devices, learn about the status of a certificate at the earliest opportunity, and implement necessary measures.
Scenarios
HTTPS Encryption for Websites, Apps, and Mini Programs
HTTP websites are prone to data theft. HTTP websites that do not meet the security authentication requirements of browsers are marked as insecure upon access to the websites. As a result, users cannot access the websites, and related apps or mini programs cannot be published. This affects business development. If a web page is protected by a digital certificate, a green address bar is displayed in a browser, and a lock icon and the https prefix are displayed in the address bar. 
Identity Authentication
SSL is critical for meeting Payment Card Industry Data Security Standard (PCI DSS) requirements. When a user accesses a website, the user checks the identity information of the certificate holder to determine the authenticity of the website. You can use certificates to protect websites and block cyber harassment attacks, phishing websites, and man-in-the-middle attacks. This also improves the search engine rankings of websites. Anti-tamper and Anti-leak
During data transmission, encrypted connections are established to ensure the confidentiality of transmitted data. This also protects account security and prevents data from being tampered with or leaked. Improved Search Engine Rankings
You can use certificates to improve the trust level of your website, improve user experience, accelerate page loading, and optimize mobile device experience. This helps the website achieve a higher search engine ranking.
Guide to select an SSL certificate > Purchase SSL Certificates >
SSL Certificates
|
Certificate Type
|
Verification Method
|
Applicable Website
|
Issuing Time
|
Supported Certificate Brand
|
Price
|
|
|---|---|---|---|---|---|---|
| Domain Name Verification | The DNS verification method is supported. You need only to submit the domain name. | The websites that are not used for transaction or the collection of personal information, such as the blogging website and personal website. | The SSL certificate can be issued within a minimum of 10 minutes. |
Alibaba Cloud DigiCert GlobalSign |
From $ 68.31 USD per certificate-year | Buy Now |
| Organization Verification | You need to submit the domain name that you want to verify, the information about your enterprise, and a valid business license. | The e-commerce websites and applications, and the websites for small and medium-sized enterprises. | The SSL certificate is issued within three to seven business days in most cases, and can be issued within a minimum of one business days |
DigiCert GlobalSign |
From $ 307.12 USD per certificate-year | Buy Now |
| Extension Verification | You need to submit the domain name that you want to verify, the information about your enterprise and its actual operations, and a valid business license. | The large financial platforms and the websites for large-sized enterprises and government units. | The SSL certificate is issued within three to seven business days in most cases, and can be issued within a minimum of two business days | DigiCert | From $ 1053.36 USD per certificate-year | Buy Now |
Integrated Solution for Security and Website Acceleration
HTTPS Acceleration Gateway seamlessly integrates SSL certificates with Alibaba Cloud CDN (CDN) to accelerate and encrypt HTTPS-based access for websites and provide fully managed services. You do not need to perform certificate O&M. You can improve the performance and security of your website with ease and view the details of resource usage. This way, your costs are more controllable, and you can manage your budget with ease. Significantly Reduced Certificate O&M
No need to apply for, deploy, or update certificate of the origin server. You can access the HTTPS Acceleration Gateway by only resolving the domain name. Automatic renewal is also supported. Support Monthly Subscription
You can subscribe to the HTTPS Acceleration Gateway feature on a monthly basis. This minimizes your investment and you can flexibly extend the subscription duration based on your business requirements. Website Acceleration
The HTTPS Acceleration Gateway feature enhances both the access speed and user experience, and also reduces the workload of the origin server.
Purchase guide for the HTTPS Acceleration Gateway feature > Purchase HTTPS Acceleration Gateway >
HTTPS Acceleration Gateway Instance
|
Edition
|
Applicable Website
|
Price
|
|
|---|---|---|---|
| Starter Edition - Single Domain Name | You can implement HTTPS acceleration for the testing of personal websites. Special domain names that end with org or jp are not supported. | $ 1.60 USD per instance-month | Buy Now |
| Basic Edition - Single Domain Name | You can implement HTTPS acceleration for a single domain name of any type. | $ 27.60 USD per instance for six months | Buy Now |
| Basic Edition - Wildcard Domain Name | You can use a wildcard domain name to implement HTTPS encryption and acceleration for all subdomains of the wildcard domain name and all resources of the website. | $ 117.60 USD per instance for six months | Buy Now |
Two-way Authentication
Web applications may encounter the following issues: traffic attacks launched by illegal clients, untrusted clients, and insecure and unreliable data transmission in B2B services. Some industries and organizations need to comply with special regulations on data confidentiality and protection, and use digital certificates to meet security and compliance requirements. Meet Requirements for Two-way SSL Authentication
Two-way SSL authentication helps ensure that both identities of a connection are trusted and prevents man-in-the-middle attacks. For example, two-way SSL authentication is required for remote procedure call (RPC) connections and IoT devices.Improve Server-side Traffic Security
Two-way authentication helps block access from untrusted clients and improve server-side traffic security.
Apply for a free trial of PCA > Purchase and enable a PCA >
Private Root CA
|
Certificate Algorithm
|
Benefits
|
Supported Private Key Algorithm
|
Price
|
|
|---|---|---|---|---|
| RSA | The Rivest-Shamir-Adleman (RSA) algorithm is supported and applied on a global scale with the highest compatibility. | RSA_1024, RSA_2048, RSA_4096 | $ 760.00 USD per month | Free Trial |
| ECC | The elliptic curve cryptography (ECC) algorithm provides high compatibility and security. Compared with other algorithms of the same security level, ECC requires fewer computing resources and the key is shorter in length. | ECC_256, ECC_384, ECC_512 | $ 800.00 USD per month | Free Trial |
| SM | The ShangMi (SM) algorithm meets the national standard of China and is widely applied in the Chinese mainland. | SM2_256 | $ 1000.00 USD per month | Free Trial |
