Certificate Service offers wildcard, multi-domain, and hybrid domain certificates from various brands and in different types. These certificates are suitable for websites of different domain types and sizes. This topic helps you select the most suitable SSL certificate.
Quick selection
Many factors affect SSL certificate selection, such as your budget, domain type and number, security level, encryption algorithm, and compatibility.
Example for personal users
If you have built a personal website or blog that only displays content and does not require data transmission, you can refer to the following table to select a suitable SSL certificate.
Factor | Business feature | Recommended selection |
Domain type and quantity | Binds to only one domain name (you have one website and one single domain name). | Select a single-domain certificate. One SSL certificate protects one domain name. |
Validation strength and security level | The certificate issuance and validation process is simple and fast, but the security level is standard. | Select a DV certificate. The CA validates only the authenticity of the domain name. The certificate can be issued in as little as 10 minutes. |
Certificate encryption algorithm | No special encryption requirements. The certificate only needs to be compatible with mainstream browsers. | Select the RSA algorithm. It is compatible with almost all browsers. |
Certificate brand and budget | Guaranteed and low-priced | Select the Alibaba Cloud Brand for a lower price. |
Example for enterprise users
If you are an enterprise user, visit the product page to consult with a technical expert.
Selection by scenario
Certificate price
The price of an SSL certificate depends on factors such as the certificate type and brand.
Website domain type and quantity
An SSL certificate is effective only after it is associated with a domain name or IP address. The type and number of domain names associated with your website determine the type and number of SSL certificates that you need.
Validation strength and security
SSL certificates are classified into three types based on security, encryption level, and verification method: DV (Domain Validated), OV (Organization Validated), and EV (Extended Validation). These certificate types differ significantly in security, supported brands, and the types of websites for which they are suitable.
Certificate encryption algorithm
Common encryption algorithms for SSL certificates include RSA, ECC. These encryption algorithms differ in security level, performance, efficiency, compatibility, and application scenarios.
Alibaba Cloud SSL certificates support the RSA, ECC encryption algorithms. If your business has requirements for the algorithm type and performance, you can refer to the following information to select a certificate.
International standard algorithms:
RSA: A widely used asymmetric key encryption algorithm that provides the best compatibility and general applicability.
ECC (Elliptic Curve Cryptography): ECC was developed after RSA. Compared with RSA, ECC is more advanced and secure. It also provides faster encryption, higher efficiency, and lower resource consumption. ECC has been widely adopted by mainstream browsers.
NoteSSL certificates that use the RSA or ECC algorithm can be used in application scenarios such as websites, miniapps, and apps. However, you must perform an evaluation and plan accordingly to ensure performance and compatibility and meet specific compliance requirements.
Comparison
RSA algorithm
ECC algorithm
Security and key length
Requires a long key. Supported key lengths are 2,048 bits and 4,096 bits.
Achieves the same security level with a relatively short key.
256 bits: provides the same level of security as a 2,048-bit RSA key.
384 bits: provides the same level of security as a 3,072-bit RSA key.
Performance/Encryption and decryption speed
Slow.
Fast. Performs better in resource-constrained environments, such as on mobile devices and Internet of Things (IoT) devices.
Memory and CPU usage
High.
Low.
Compatibility
Good.
Good, but slightly less compatible than RSA.
Algorithm support for SSL certificates of different brands and types:
Certificate brand | Certificate type | RSA | ECC | ||||||
Signature algorithm | Key length | Signature algorithm | Key length | ||||||
SHA256withECDSA | SHA384withECDSA | 2048 | 4096 | prime256v1 | secp384r1 | SHA256withRSA | SHA384withRSA | ||
DigiCert | DV |
|
|
|
|
|
|
|
|
OV |
|
|
|
|
|
|
|
| |
EV |
|
|
|
|
|
|
|
| |
GlobalSign | DV |
|
|
|
|
|
|
|
|
OV |
|
|
|
|
|
|
|
| |
Alibaba Cloud | DV |
|
|
|
|
|
|
|
|
The default signature algorithm for SSL certificates is SHA256withRSA or SHA256withECDSA. You cannot select a signature algorithm with a SHA384 hash function in the Certificate Service console. To use this signature algorithm to issue a certificate, you must create a CSR file on your computer and upload the CSR file to the console. For more information, see How do I create a CSR file? and Upload a CSR file.
Certificate brand
The certificate brand is generally not the primary factor to consider when you select a certificate for the first time. However, if you want to renew a certificate or continue to use the same brand for new services, you can prioritize the certificate brand to narrow down your options and purchase a certificate of the same brand and specifications.
References
For more information about how to purchase a paid SSL certificate, see Purchase a commercial certificate.
For more information about how to request a refund for an SSL certificate, see Refunds.