All Products
Search

This Product

    Certificate Management Service:Billing for PCA

    Document Center

    Certificate Management Service:Billing for PCA

    Last Updated:Jan 23, 2026

    Private Certificate Authority (PCA) lets you build a private CA platform for your enterprise using a simple, visual interface. This platform manages identity authentication and data encryption for internal applications. This topic describes the billable items for the PCA service and the rules for expiration, renewal, and refunds.

    Billable items

    Important

    The prices in the following table are for reference only. For the actual prices, see the service purchase page.

    Service type

    Billing method

    Price

    Billing rule

    Private root CA

    Subscription

    USD 760/month

    Unit price of a private root CA (in USD/month) × subscription duration

    Note

    Each root CA instance includes one root CA, one intermediate CA, and a quota for 10 free private certificates. The following rules apply to the free quota:

    • Usage period: You must use the quota to issue certificates within 30 days from the date of purchase. Unused quota expires and is purged.

    • Certificate validity period: Certificates issued using the free quota are valid for 30 days from the date of issuance. Their validity period is not extended when you renew the root CA. For separately purchased private certificates, you can customize the validity period.

    Private intermediate CA

    Subscription

    USD 380/month

    Unit price of a private intermediate CA (in USD/month) × subscription duration

    Private certificate

    Upfront

    The unit price of private certificates decreases as the quantity increases.

    The price is the same within each of the following quantity ranges. The larger the quantity, the lower the price.

    • 1 to 1,000 certificates: USD 0.7.

    • 1,001 to 10,000 certificates: USD 0.3.

    Note

    Within each calendar year (January 1 to December 31), after the cumulative number of purchased private certificates reaches 120,000, any additional certificates are free of charge. The cumulative quantity is reset on January 1 of the next year.

    Unit price per certificate (in USD) × quantity

    Expiration

    After a root CA expires, you cannot enable it or request new certificates from it. To prevent service disruptions, renew root and intermediate CAs within 30 calendar days before they expire. If a root CA or an intermediate CA has expired, you must reactivate it.

    Renewal

    You can renew a root CA or intermediate CA in the Certificate Management Service console within 30 calendar days of its expiration. After a root CA or an intermediate CA expires, it cannot be renewed. To continue using the service, you must reactivate the expired CA in the Certificate Management Service console.

    Renew

    Important

    The renewal option is available only within 30 calendar days before a root CA or an intermediate CA expires. This operation is not available at other times.

    1. Log in to the Certificate Management Service console.

    2. In the navigation pane on the left, choose Certificate Management > PCA Certificate Management. On the PCA Certificate Management page, select the region where the PCA service is located.

    3. On the Private CAs tab, find the target private CA, and in the Actions column, click Renew.

      The CA that you need to renew depends on how the CAs were created.

      • If the root CA and the intermediate CA were created at the same time, you only need to renew the root CA. This extends the service period for both CAs.

      • If the intermediate CA was purchased separately, you must first renew the root CA to ensure it is valid. Then, you must renew the intermediate CA to extend its service period.

    4. On the private certificate renewal page, confirm the Current Configuration information, select a Subscription Duration for the renewal, read and select the Terms of Service, and then click Buy Now to complete the payment.

      After you complete the payment, the date in the Expire On column for the root CA or intermediate CA is updated on the Private CAs page in the Certificate Management Service console.

    Reactivate

    If a root CA or an intermediate CA expires, you must reactivate them separately in the Certificate Management Service console to continue using the private certificate service.

    1. Log in to the Certificate Management Service console.

    2. In the navigation pane on the left, choose Certificate Management > PCA Certificate Management. On the PCA Certificate Management page, select the region where the PCA service is located.

    3. On the Private CAs tab, find the target CA, and in the Actions column, click Reactivate.

    4. , on the Certificate Management Service page, select the CA configuration, read and select the Terms of Service, and then click Buy Now to complete the payment.

      Important

      • When you reactivate a root CA, you can only select the Certificate Algorithm and Duration. When you reactivate an intermediate CA, you can only select the Duration.

      • If the status of the CA was Disabled before reactivation, you must enable the CA after reactivation to continue using the PCA service. For more information, see Enable a private CA. If the status of the CA was Enabled before reactivation, you can use the PCA service immediately after reactivation.

    5. Optional: Return to the Certificate Management Service console to view the new expiration date of the reactivated CA.