This topic introduces the basic concepts related to Alibaba Cloud Certificate Management Service.

digital certificate

A digital certificate is a document signed by a certificate authority (CA). The certificate contains information about the public key owner and the public key. It is a trusted credential that is issued by a CA to a website. A certificate must contain a public key, a certificate name, and a digital signature provided by a CA.

Digital certificates are valid only for a specific period of time.


CA stands for certificate authority.

A CA is a trusted third party in e-commerce transactions. A CA is responsible for verifying the validity of public keys.

validity period

From September 1, 2020, certificates issued by CAs are valid for up to one year. Therefore, the certificates that you apply for by using Certificate Management Service are valid for one year.


SSL is a protocol that is used for data encryption in transmission between browsers and websites. It prevents data tampering and data theft during data transmission.

SSL certificate

An SSL certificate is a trusted credential that is issued by a CA to a website. It uses the SSL protocol for communications and implements website identity authentication and encrypted transmission.

SSL provides an encryption mechanism for application data transmission on a TCP/IP network. The protocols of the applications include HTTP, Telnet, and FTP. SSL uses public keys to encrypt data transmitted over TCP/IP connections, ensure message integrity, and authenticate servers and clients. Client authentication is optional.

An SSL certificate adopts public key cryptography, which uses a pair of keys to encrypt and decrypt data. Each user creates a private key that is not disclosed to anyone for decryption and signature. The user also creates a public key and discloses this key to a group of users for encryption and signature verification.

After you install an SSL certificate on a web server, HTTPS is enabled for the web server. Your website will transmit data over HTTPS, which helps establish trusted and encrypted connections between your website and the web server. This ensures the security of data during transmission.

For more information about the private keys of certificates, see What are a public key and a private key?


HTTPS is a combination of HTTP and SSL. It is a secure version of HTTP and encrypts website communications based on SSL.

After you install an SSL certificate on the server of your website, HTTPS is enabled to activate the SSL-encrypted channel between browsers and the web server. This enables bidirectional encrypted transmission and prevents data tampering and data leak during transmission.

domain name

A domain name is a representation of an IP address. A domain name consists of a string of names separated by periods (.) and is used to identify a server or a group of servers during data transmission.

Single domain names are in the simplest structure. Example:

A wildcard domain name can match its parent domain name and all first-level subdomains of the parent domain name. For example, if you bind the wildcard domain name * to a certificate, the certificate is automatically applied to its parent domain name free of charge. The domain name * can match first-level subdomains such as and The domain name * cannot match second-level subdomains such as

wildcard certificate

A wildcard certificate is also called a wildcard domain certificate. If a wildcard domain name, such as *, is bound to a certificate, the certificate is a wildcard certificate.

A multi-domain wildcard certificate is a certificate to which multiple wildcard domain names are bound. Certificate Management Service allows you to apply for only a wildcard certificate to which a single wildcard domain name is bound. You cannot apply for a multi-domain wildcard certificate. To obtain a multi-domain wildcard certificate, you can combine multiple certificates of the same brand and type. For more information, see Combine certificate instances.

hybrid certificate

A hybrid certificate is a certificate whose bound domain names include both single and wildcard domain names. For example, if a certificate is bound to the * and domain names, the certificate is a hybrid certificate.

Certificate Management Service does not allow you to apply for a hybrid certificate. To obtain a hybrid certificate, you can combine multiple certificates of the same brand and type. For more information, see Combine certificate instances.


NGINX is a lightweight web server and processes highly concurrent connections. You can configure it as a reverse proxy server or an email proxy server that complies with Internet Message Access Protocol (IMAP) or Post Office Protocol version 3 (POP3). NGINX is based on BSD-like licenses. NGINX runs on different operating systems, such as Linux, Windows, FreeBSD, Solaris, AIX, and macOS. It can be used for reverse proxy, load balancing, and dynamic and static separation.


Tengine is a web server project initiated by Taobao. It supports all the features of NGINX and is compatible with NGINX configurations.


PuTTY is a piece of connection software that allows you to perform operations by using Telnet, SSH, rlogin, pure TCP, and serial interfaces. It can remotely manage Linux and Windows operating systems.


Xshell is a powerful terminal emulator. It supports Telnet on SSH1 and SSH2 clients and also in Windows. XShell can remotely manage servers that run different operating systems from Windows. Xshell supports VT100, VT220, VT320, Xterm, Linux, SCO ANSI, and ANSI terminals and provides a variety of terminal screen views to replace traditional Telnet clients.


Community Enterprise Operating System (CentOS) is an enterprise-grade Linux distribution and is derived from the sources of Red Hat Enterprise Linux. CentOS is open source and free of charge.


A certificate signing request (CSR) file contains the information about your server and company. When you apply for an SSL certificate, you must submit the CSR file to the CA. The CA signs the CSR file by using the private key of the root certificate and generates a public key file to issue your certificate.