This topic describes how to select a certificate type, certificate brand, and domain name type.
How do I select a certificate type?
- For general enterprises, we recommend that you purchase organization validated (OV) certificates or certificates that provide a higher level of trust. For financial or payment enterprises, we recommend that you purchase extended validated (EV) certificates.
- For mobile websites or API call-related applications, we recommend that you purchase OV certificates or certificates that provide a higher level of trust.
How do I select a certificate brand?
- The following certificate brands are sorted in descending order of compatibility: DigiCert > GeoTrust > CFCA.
- For mobile websites or API call-related applications, we recommend that you purchase DigiCert certificates.
How do I select a domain name type?
Domain name type | Description |
---|---|
Single domain name | If you select this type for a certificate, the certificate can protect only one parent domain name, one subdomain, or one public IP address. Example: www.aliyundoc.com. |
Multiple domain names | If you select this type for a certificate, the certificate can protect multiple single domain names. The domain names can be top-level domains (TLDs) or non-TLDs such as demo.example.com and guide.developer.aliyundoc.com. You can bind up to 250 single domain names to a multi-domain certificate. |
Wildcard domain name | A wildcard domain name can match its parent domain name and all first-level subdomains of the parent domain name. For example, if you bind the wildcard domain name *.aliyundoc.com to a certificate, the certificate is automatically assigned to its parent domain name aliyundoc.com free of charge. The domain name *.aliyundoc.com can match first-level subdomains such as www.aliyundoc.com and example.aliyundoc.com. The domain name *.aliyundoc.com cannot match second-level subdomains such as www.example.aliyundoc.com. A wildcard domain name can match only subdomains at the same level. For example, *.aliyundoc.com can match demo.aliyundoc.com. However, *.aliyundoc.com cannot match learn.demo.aliyundoc.com. If you want to bind learn.demo.aliyundoc.com to the wildcard certificate, you must purchase a new wildcard certificate and bind *.demo.aliyundoc.com to the certificate. A multi-domain wildcard certificate allows you to bind multiple wildcard domain names. Certificate Management Service allows you to apply for only a single-domain wildcard certificate to which a single wildcard domain name is bound. You cannot apply for a multi-domain wildcard certificate. To obtain a multi-domain wildcard certificate, you can combine multiple certificates of the same brand and type. For more information, see Combine certificate instances. |
Hybrid domain name | A hybrid certificate allows you to bind both single and wildcard domain names. For example, if you bind the *.aliyundoc.com and demo.example.com domain names to a certificate, the certificate is a hybrid certificate. Certificate Management Service does not allow you to apply for a hybrid certificate. To obtain a hybrid certificate, you can combine multiple certificates of the same brand and type. For more information, see Combine certificate instances. |
- If the domain name that you bind to a certificate is a wildcard domain name, the certificate is also assigned to the parent domain name of the domain name. Examples:
- The certificate to which the wildcard domain name *.aliyundoc.com is bound is also assigned to aliyundoc.com.
- The certificate to which the wildcard domain name *.demo.aliyundoc.com is bound is not assigned to demo.aliyundoc.com.
- If the domain name that you bind to a certificate starts with www, the certificate is also assigned to the parent domain name of the domain name. Examples:
- The certificate to which www.aliyundoc.com is bound is also assigned to aliyundoc.com.
- The certificate to which www.demo.aliyundoc.com is bound is not assigned to demo.aliyundoc.com.
- You cannot change the domain names that are bound to a certificate after the certificate is issued.