As a top-level domain (TLD) for which HTTPS encryption is enabled by default, .app is preloaded to the HTTP Strict Transport Security (HSTS) preload list. Websites that are built by using the .app domain name must use the HTTPS protocol to provide services. After you deploy an SSL certificate to a web server, encrypted connections can be established between the web server and websites to ensure the security of data transmission. This topic describes the concepts that are related to SSL certificates and the services that are provided to manage SSL certificates.
What is an SSL certificate?
A Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificate is a digital certificate that authenticates a website's identity and encrypts information sent between a server and a user's browser. By enabling the HTTPS protocol, these certificates ensure that data is transmitted securely and remains private and integral. Certificates are issued by a trusted Certificate Authority (CA) after verifying the identity of the domain name registrant.
Alibaba Cloud Certificate Management Service supports certificate purchase and issuance. Certificate Management Service also provides the following services.
Service | Description | References |
Deploy SSL certificates to Alibaba Cloud services | If you purchased Alibaba Cloud services such as Web Application Firewall (WAF), Application Load Balancer (ALB), and Network Load Balancer (NLB), you can deploy SSL certificates to the services and update SSL certificates in the Certificate Management Service console in a quick manner. | |
Manage third-party SSL certificates free of charge | Certificate Management Service allows you to upload an SSL certificate that is purchased and issued from a third-party certificate service provider to the Certificate Management Service console for centralized management. |
Configure an SSL certificate in a quick manner
You can use an SSL certificate to enable HTTPS encryption for your website. This following table walks you through how to purchase and use a certificate. You can quickly understand the operations that you can perform in the Certificate Management Service console.
Step | Operation | Description | References |
1 | Purchase a certificate. | A certificate is a collection of certificate resources that you can purchase in the Certificate Management Service console. You can perform certificate-related operations, such as submitting a certificate application and downloading the certificate after the certificate is issued. | |
2 | Use the purchased certificate to submit a certificate application to the certificate authority (CA). | A CA is an organization that issues certificates. You can use the purchased certificate to submit a certificate application to a CA. After the CA approves your certificate application, the CA issues the certificate to you. | |
3 | Install an issued certificate on your web server or deploy the certificate to an Alibaba Cloud service. | A web server and clients can communicate over HTTPS only after the required certificate is installed on the web server. The operations to install issued certificates on web servers vary based on the server type. Links to the topics about how to install certificates on common web servers are provided for reference. You can deploy issued certificates to specific Alibaba Cloud services with a few clicks. Some Alibaba Cloud services require certificates to deliver specific functionality. If you deploy certificates to these services, you must also install certificates on web servers. | |
4 | If a certificate is about to expire, renew the certificate and replace the certificate with the newly issued certificate. | By default, the validity period of a certificate issued by a CA is one year. After your certificate expires, the certificate is no longer trusted by your website, and your services cannot be accessed by clients over HTTPS. You can manually renew a certificate within 30 calendar days before it expires. If a certificate is renewed, a new certificate that has the same specifications with the renewed certificate is purchased. Then, you can apply for the new certificate. After a certificate is renewed, you must install the newly issued certificate on your web server or deploy it to an Alibaba Cloud service to replace the existing certificate. | |
5 | If you no longer need the certificate, submit an application to the CA to revoke the certificate. | If you no longer require a valid certificate, we recommend that you submit an application in the Certificate Management Service console to the CA to revoke the certificate. If the certificate is not revoked in time, security risks may occur. For example, the certificate information may be stolen. After the certificate is revoked, the certificate is deregistered from the CA that issued the certificate, and the revoked certificate becomes invalid. |