This topic describes the brands and types of SSL certificates, the types of domain names, and the supported encryption algorithms.

Certificate types

Alibaba Cloud Certificate Management Service supports the following types of certificates: domain validated (DV) certificates, organization validated (OV) certificates, and extended validation (EV) certificates. Different types of certificates provide different levels of security, support different certificate brands, and are suitable for different types of websites.
| Certificate type | Applicable website | Credibility level | Authentication strength | Security level | Supported certificate brand |
| --- | --- | --- | --- | --- | --- |
| DV certificate | Websites of individuals | Moderate | Certificate authorities (CAs) verify the authenticity of a website. CAs do not verify the authenticity of an enterprise. | Moderate | DigiCert, GlobalSign |
| OV certificate | Websites of organizations such as public service sectors, enterprises, and educational institutions | High | CAs verify the authenticity of an organization or an enterprise. | High | DigiCert, Entrust, GlobalSign |
| EV certificate | Websites of organizations such as large-sized enterprises and financial institutions | Highest | CAs perform strict authentication. | Highest | DigiCert, Entrust |

Certificate brands

The following table describes the certificate brands that are supported by Certificate Management Service. Certificate brands are also known as CAs.
| Certificate brand | CA | Description |
| --- | --- | --- |
| DigiCert | DigiCert, Inc. | DigiCert is a well-known and trusted SSL certificate brand in the industry. All DigiCert certificates use prominent encryption technologies to provide enhanced security solutions for different websites and servers. DigiCert is formerly known as Symantec. |
| Entrust | Entrust Limited. | Entrust is a renowned CA that has established a trusted virtual environment. Entrust allows users to conduct secure digital transactions and communications from all locations. Entrust provides trust services for websites, software developers, and individuals. The services include issuing SSL certificates that are used for website authentication and encryption. More than 83% of the Fortune Global 500 companies use Entrust SSL certificates. |
| GlobalSign | GMO GlobalSign Pte Ltd. | GlobalSign is an early CA in the industry. GlobalSign has been committed to network security authentication and digital certificate services. GlobalSign is a trusted CA and SSL certificate provider. |

Domain name types

The following table describes the differences among the types of domain names that are supported.
Important: You cannot bind multiple domain names or hybrid domain names to DV certificates. You cannot bind wildcard domain names or hybrid domain names to EV certificates.

| Domain name type | Description |
| --- | --- |
| Single domain name | A single-domain certificate can protect only one primary domain, one subdomain, or one public IP address. Example: www.aliyundoc.com. |
| Multiple domain names | A multi-domain certificate allows you to bind multiple single domain names. You can bind up to 250 single domain names to a multi-domain certificate. |
| Wildcard domain name | A wildcard domain name can match its parent domain name and all first-level subdomains of the parent domain name. For example, if you bind the wildcard domain name *.aliyundoc.com to a certificate, the certificate is automatically applied to its parent domain name aliyundoc.com free of charge. The domain name *.aliyundoc.com can match first-level subdomains such as www.aliyundoc.com and example.aliyundoc.com. The domain name *.aliyundoc.com cannot match second-level subdomains such as www.example.aliyundoc.com. A multi-domain wildcard certificate allows you to bind multiple wildcard domain names. Certificate Management Service allows you to apply for only a single-domain wildcard certificate to which a single wildcard domain name is bound. You cannot apply for a multi-domain wildcard certificate. To obtain a multi-domain wildcard certificate, you can combine multiple certificates of the same brand and type. For more information, see Combine certificate instances. |
| Hybrid domain name | A hybrid certificate allows you to bind both single and wildcard domain names. For example, if you bind the *.aliyundoc.com and demo.example.com domain names to a certificate, the certificate is a hybrid certificate. Certificate Management Service does not allow you to apply for a hybrid certificate. To obtain a hybrid certificate, you can combine multiple certificates of the same brand and type. For more information, see Combine certificate instances. |
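
The matching and binding rules in this section, written out as an added Python example (not Alibaba Cloud code; all function names are hypothetical). It checks which hostnames a set of bound names protects and applies the DV and EV restrictions from the Important note, using the domain names from the table as sample input.

```python
# Added example: function names are hypothetical, sample names come from the table above.
def norm(name):
    # DNS names are case-insensitive; a trailing dot only marks a fully qualified name.
    return name.strip().lower().rstrip(".")

def covers(bound, host):
    """True if one name bound to a certificate protects host, per the table above."""
    bound, host = norm(bound), norm(host)
    if not bound.startswith("*."):
        return bound == host  # single domain name: exact match only
    parent = bound[2:]
    if host == parent:
        # Covered because the service applies the certificate to the parent name,
        # not because the wildcard pattern itself matches it.
        return True
    if not host.endswith("." + parent):
        return False  # also rejects look-alikes such as evilaliyundoc.com
    label = host[: -(len(parent) + 1)]
    return bool(label) and "." not in label  # exactly one extra label

def classify(names):
    """Map the names bound to one certificate to the page's domain name types."""
    wild = sum(norm(n).startswith("*.") for n in names)
    if 0 < wild < len(names):
        return "hybrid"
    if wild:
        return "wildcard"
    return "single" if len(names) == 1 else "multiple"

def binding_allowed(cert_type, names):
    """Apply the Important note: DV rejects multiple/hybrid, EV rejects wildcard/hybrid.
    Assumption: several wildcard names on one certificate count as multiple for DV."""
    kind = classify(names)
    if cert_type == "DV":
        return kind != "hybrid" and len(names) == 1
    if cert_type == "EV":
        return kind not in ("wildcard", "hybrid")
    return True  # OV: the note lists no restriction

def uncovered(names, hosts):
    """Hosts that no bound name protects, i.e. the ones clients would reject."""
    return [h for h in hosts if not any(covers(n, h) for n in names)]

if __name__ == "__main__":
    hosts = ["aliyundoc.com", "WWW.aliyundoc.com.", "www.example.aliyundoc.com"]
    print(uncovered(["*.aliyundoc.com"], hosts))
    print(binding_allowed("EV", ["*.aliyundoc.com"]))
```

Running uncovered() over an inventory of served hostnames before you purchase or combine certificates shows which names still need their own certificate.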

Supported encryption algorithms

SSL certificates support the following encryption algorithms:
  • RSA: The RSA algorithm is an asymmetric algorithm that is widely used and provides high compatibility.
  • ECC: The ECC algorithm is a public key encryption algorithm based on elliptic curves. Compared with the RSA algorithm, the ECC algorithm is more advanced and secure. The ECC algorithm provides faster encryption and higher efficiency at lower server resource consumption. The ECC algorithm is promoted among mainstream browsers.
  • SM2: The SM2 algorithm is developed and approved by the State Cryptography Administration of China based on the ECC algorithm. The SM2 algorithm is used to replace the RSA algorithm in Chinese commercial cryptography systems.
The following table describes the encryption algorithms that are supported by different certificate brands.
  • √: supported
  • ×: not supported
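| Certificate brand | Certificate type | RSA | ECC | SM2 |
| --- | --- | --- | --- | --- |
| DigiCert | DV | √ | × | × |
| DigiCert | OV | √ | √ | × |
| DigiCert | EV | √ | × | × |
| Entrust | OV | √ | × | × |
| Entrust | EV | √ | × | × |
| GlobalSign | DV | √ | × | × |
| GlobalSign | OV | √ | √ | × |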