All Products
Search

This Product

    Certificate Management Service:PCA billing

    Document Center

    Certificate Management Service:PCA billing

    Last Updated:Dec 17, 2025

    Private Certificate Authority (PCA) helps you build a private CA platform for your enterprise using simple, visual operations. This platform enables identity authentication, data encryption, and decryption for your internal applications. This topic describes the billable items for the PCA service and the rules for expiration, renewal, and refunds.

    Billable items

    Important

    The prices in the following table are for reference only. The prices on the purchase page prevail.

    Service type

    Billing method

    Price

    Billing rule

    Private root CA

    Subscription

    USD 760 per month

    Unit price of a private root CA in USD per month × Subscription duration

    Note

    By default, a private root CA includes one root CA, one intermediate CA, and 10 private certificates.

    Private intermediate CA

    Subscription

    USD 380 per month

    Unit price of a private intermediate CA (in USD/month) × subscription duration

    Private certificate

    Subscription

    The unit price of private certificates decreases as the purchase quantity increases.

    The unit price for private certificates decreases as the quantity increases. The following pricing tiers apply:

    • 1 ≤ number of certificates ≤ 1,000: 0.7 USD.

    • 1,001 ≤ Number of certificates ≤ 10,000: USD 0.3.

    Note

    Within each calendar year (from January 1 to December 31), if the cumulative number of purchased private certificates reaches 120,000, you are not charged for any additional certificates. The cumulative count resets on January 1 of the following year.

    Unit price (USD per certificate) × Quantity

    Expiration

    After a root CA expires, you cannot enable the CA or request a new certificate from it. To prevent business disruptions, you must renew your root and intermediate CAs within 30 calendar days before they expire. If your root and intermediate CAs expire, you must reactivate them.

    Renewal

    You can renew a root or intermediate CA in the Certificate Management Service console within 30 calendar days before it expires. After a CA expires, you can no longer renew it. To continue using the service, you must reactivate the expired CA in the Certificate Management Service console.

    Renew

    Important

    The renewal option is available only within 30 calendar days before a root or intermediate CA expires.

    1. Log on to the Certificate Management Service console.

    2. In the navigation pane on the left, choose Certificate Management > PCA Certificate Management. On the PCA Certificate Management page, select the region where the PCA service is located.

    3. On the Private CAs tab, find the private CA that you want to renew and click Renew in the Actions column.

      The renewal process depends on how the CAs were created. The following list describes the details:

      • If the root CA and intermediate CA were created together, renew only the root CA. The service duration for both CAs is extended.

      • If the intermediate CA was purchased separately, you must first renew the root CA to ensure it is valid. Then, you must renew the intermediate CA separately to extend its service duration.

    4. On the renewal page, confirm the Current Configuration information, select a Subscription Duration, read and select Terms of Service, and then click Buy Now to complete the payment.

      After you complete the purchase, you can go to the Private CAs page in the Certificate Management Service console to view the new Expire On of the private root CA or intermediate CA.

    Reactivate

    If you want to continue using PCA after your private root CA and private intermediate CA expire, you must reactivate the private root CA and private intermediate CA separately in the Certificate Management Service console.

    1. Log on to the Certificate Management Service console.

    2. In the navigation pane on the left, choose Certificate Management > PCA Certificate Management. On the PCA Certificate Management page, select the region where the PCA service is located.

    3. On the Private CAs tab, find the target CA and click Reactivate in the Actions column.

    4. On the Certificate Management Service page, specify the CA configuration, read and select Terms Of Service, click Buy Now, and complete the payment.

      Important

      • When you reactivate a root CA, you can change only the Certificate Algorithm and Duration. When you reactivate an intermediate CA, you can change only the Duration.

      • If the CA was in the Disabled state before reactivation, you must enable it after reactivation to continue using the PCA service. For more information, see Enable a private CA. If the CA was in the Enabled state before reactivation, you can use the PCA service immediately after reactivation.

    5. Optional: Return to the Certificate Management Service console to view the new expiration date of the reactivated private CA.