All Products
Search

This Product

    Certificate Management Service:PCA certificate billing description

    Document Center

    Certificate Management Service:PCA certificate billing description

    Last Updated:Jun 03, 2025

    Private Certificate Authority (PCA) allows you to build a private certificate platform within your enterprise by performing visualized operations. PCA helps you implement application identity authentication and data encryption and decryption within your enterprise. This topic describes the billable items of PCA and the rules for certificate expiration, renewal, and refunds.

    Billable items

    Billable item

    Billing method

    Price

    Billing rule

    Private root CA

    Yearly or monthly subscription

    USD 760 per month

    Note

    The actual price on the buy page of a private root CA shall prevail.

    The price of a private root CA is calculated based on the following formula: Unit price in USD per month × Subscription duration.

    Note

    By default, a private root CA consists of 1 private root CA, 1 private intermediate CA, and a quota for 10 private certificates.

    Private intermediate CA

    Yearly or monthly subscription

    USD 380 per month

    Note

    The actual price on the buy page of a private intermediate CA shall prevail.

    The price of a private intermediate CA is calculated based on the following formula: Unit price in USD per month × Subscription duration.

    Private certificate

    Subscription

    Note

    If the number of purchased private certificates exceeds a threshold, you are not charged for the excess private certificates. For more information about the threshold, contact your account manager.

    The fees on the buy page shall prevail.

    The price of a private certificate is calculated based on the following formula: Unit price in USD × Number of purchased private certificates.

    Expiration

    After a private root CA expires, you can no longer enable the private root CA or apply for a private certificate from a private intermediate CA of the private root CA. To prevent impacts on your business, we recommend that you renew your private root CA and private intermediate CAs within 30 calendar days before they expire. If the private root CA and private intermediate CAs have expired, you must reactivate the CAs.

    Renewal policy

    You can renew a private root A or a private intermediate CA within 30 calendar days before the CA expires. You can renew the private root CA or private intermediate CA in the Certificate Management Service console. You cannot renew an expired private root CA or private intermediate CA. If you want to continue using the private root CA or private intermediate CA, you must reactivate the CA in the Certificate Management Service console.

    Renewal

    Important

    You can renew a private root CA or private intermediate CA only within 30 calendar days before the CA expires.

    1. Log on to the Certificate Management Service console.

    2. In the left-side navigation pane, choose Certificate Management > PCA Certificate Management. On the PCA Certificate Management page, select the region where your PCA resides.

    3. On the Private CAs tab, find the private CA that you want to renew and click Renew in the Actions column.

      The private CA that you need to renew varies based on how you create the private CA.

      • If the private root CA and the private intermediate CA are created together, you need to only renew the private root CA. The validity periods of both the private root CA and the private intermediate CA are extended.

      • If the private intermediate CA is separately purchased, you must renew the private root CA in advance to ensure that the private root CA is valid. Then, you can renew the private intermediate CA to extend its validity period.

    4. On the Renew page, confirm the specifications, configure the Subscription Duration parameter, read and select Terms of Service, click Buy Now, and then complete the payment.

      After you complete the payment, you can log on to the Certificate Management Service console and go to the Private Certificates page. On the Private Certificates page, you can view the new expiration time of the private root CA or private intermediate CA in the Expire On column.

    Reactivation

    If you want to continue using PCA after your private root CA and private intermediate CA expire, you must separately reactivate the private root CA and private intermediate CA in the Certificate Management Service console.

    1. Log on to the Certificate Management Service console.

    2. In the left-side navigation pane, choose Certificate Management > PCA Certificate Management. On the PCA Certificate Management page, select the region where your PCA resides.

    3. On the Private CAs tab, find the required CA and click Reactivate in the Actions column.

    4. On the buy page, configure the specifications and click Buy Now. On the page that appears, read and select Terms of Service. Then, complete the payment.

      Important

      • When you reactivate a private root CA, you can configure only the Certificate Algorithm and Subscription Duration parameters. When you reactivate a private intermediate CA, you can configure only the Subscription Duration parameter.

      • If a private CA is in the Disabled state before it is reactivated, you must enable the private CA after it is reactivated. Then, you can continue to use PCA. For more information about how to enable a private CA, see Enable a private CA. If a private CA is in the Enabled state before it is reactivated, you can directly use PCA after the private CA is reactivated.

    5. Optional. Return to the Certificate Management Service console to view the expiration time of the reactivated private root CA.