All Products
Document Center

Certificate Management Service:Get started with SSL Certificates Service

Last Updated:Sep 05, 2023

You can use an SSL certificate to enable HTTPS encryption for your website. This topic walks you through how to purchase and use a certificate. You can quickly understand the operations that you can perform in the Certificate Management Service console.






Purchase a certificate.

A certificate is a collection of certificate resources that you can purchase in the Certificate Management Service console. You can perform certificate-related operations, such as submitting a certificate application and downloading the certificate after the certificate is issued.

Purchase a certificate


Use the purchased certificate to submit a certificate application to the certificate authority (CA).

A CA is an organization that issues certificates. You can use the purchased certificate to submit a certificate application to a CA. After the CA approves your certificate application, the CA issues the certificate to you.

Submit a certificate application


Install an issued certificate on your web server or deploy the certificate to an Alibaba Cloud service.

A web server and clients can communicate over HTTPS only after the required certificate is installed on the web server. The operations to install issued certificates on web servers vary based on the server type. Links to the topics about how to install certificates on common web servers are provided for reference.

You can deploy issued certificates to specific Alibaba Cloud services with a few clicks. Some Alibaba Cloud services require certificates to deliver specific functionality. If you deploy certificates to these services, you must also install certificates on web servers.

Installation overview


If a certificate is about to expire, renew the certificate and replace the certificate with the newly issued certificate.

By default, the validity period of a certificate issued by a CA is one year. After your certificate expires, the certificate is no longer trusted by your website, and your services cannot be accessed by clients over HTTPS. You can manually renew a certificate within 30 calendar days before it expires.

If a certificate is renewed, a new certificate that has the same specifications as the renewed certificate is purchased. Then, you can apply for the new certificate. After a certificate is renewed, you must install the newly issued certificate on your web server or deploy it to an Alibaba Cloud service to replace the existing certificate.

Certificate renewal


If you no longer need the certificate, submit an application to the CA to revoke the certificate.

If you no longer require a valid certificate, we recommend that you submit an application in the Certificate Management Service console to the CA to revoke the certificate. If the certificate is not revoked in time, security risks may occur. For example, the certificate information may be stolen. After the certificate is revoked, the certificate is deregistered from the CA that issued the certificate, and the revoked certificate becomes invalid.

Revoke an SSL certificate