Alibaba Cloud Certificate Management Service provides SSL certificates of various types and brands for websites such as websites of individuals, e-commerce websites, and websites of small and large-sized enterprises. Certificate Management Service also provides wildcard certificates, multi-domain certificates, and hybrid certificates to meet different business requirements, such as protecting multiple subdomains or different domain names. This topic describes how to select a certificate that best suites your website scale, business requirements, and budget.
Alibaba Cloud Certificate Management Service supports the following types of certificates: domain validated (DV) certificates, organization validated (OV) certificates, and extended validation (EV) certificates. Different types of certificates provide different levels of security, support different certificate brands, and are suitable for different types of websites.
Supported certificate brand
Websites of individuals
Certificate authorities (CAs) verify the authenticity of a website. CAs do not verify the authenticity of an enterprise.
Websites of organizations such as public service sectors, enterprises, and educational institutions
CAs verify the authenticity of an organization or an enterprise.
Websites of organizations such as large-sized enterprises and financial institutions
CAs perform strict authentication.
If your website is owned by an individual who does not have an enterprise business license, you can apply for only free certificates or DV certificates.
For general enterprises, mobile websites, or API call-related applications, we recommend that you purchase OV certificates or certificates that provide a higher level of trust.
For financial or payment enterprises, we recommend that you purchase EV certificates.
The following table describes the certificate brands that are supported by Certificate Management Service.
For mobile websites or API call-related applications, we recommend that you purchase DigiCert certificates.
DigiCert is a well-known and trusted SSL certificate brand in the industry. All DigiCert certificates use prominent encryption technologies to provide enhanced security solutions for different websites and servers. DigiCert is formerly known as Symantec.
GlobalSign and Alibaba Cloud
GMO GlobalSign Pte Ltd.
GlobalSign is an early CA in the industry. GlobalSign has been committed to network security authentication and digital certificate services. GlobalSign is a trusted CA and SSL certificate provider. Compared with other brands of certificates, Alibaba Cloud certificates are more cost-effective.
Domain name types
The following table describes the differences among the types of domain names that are supported.
You cannot bind multiple domain names or hybrid domain names to DV certificates. You cannot bind wildcard domain names or hybrid domain names to EV certificates.
Domain name type
Single domain name
A single-domain certificate can protect only one primary domain, one subdomain, or one public IP address. Example: www.aliyundoc.com.
Multiple domain names
A multi-domain certificate allows you to bind multiple single domain names. You can bind up to five single domain names to a multi-domain certificate that is purchased from Certificate Management Service.
Wildcard domain name
A wildcard domain name can match its parent domain name and all first-level subdomains of the parent domain name. For example, if you bind the wildcard domain name *.aliyundoc.com to a certificate, the certificate is automatically applied to the parent domain name aliyundoc.com free of charge. The wildcard domain name *.aliyundoc.com can match first-level subdomains such as www.aliyundoc.com and example.aliyundoc.com. The wildcard domain name *.aliyundoc.com cannot match second-level subdomains such as www.example.aliyundoc.com.
A multi-domain wildcard certificate allows you to bind multiple wildcard domain names. Certificate Management Service allows you to apply for only a single-domain wildcard certificate to which a single wildcard domain name is bound. To obtain a multi-domain wildcard certificate, you can combine multiple certificates of the same brand and type. For more information, see Combine certificates.
Hybrid domain name
A hybrid certificate allows you to bind single domain names, wildcard domain names, and public IP addresses. For example, if you bind the *.aliyundoc.com and demo.example.com domain names to a certificate, the certificate is a hybrid certificate.
Certificate Management Service does not allow you to apply for a hybrid certificate. To obtain a hybrid certificate, you can combine multiple certificates of the same brand and type. For more information, see Combine certificates.
Supported encryption algorithms
SSL certificates support the following encryption algorithms:
RSA: The Rivest-Shamir-Adleman (RSA) algorithm is an asymmetric algorithm that is widely used and provides high compatibility.
ECC: The elliptic curve cryptography (ECC) algorithm is a public key encryption algorithm based on elliptic curves. Compared with the RSA algorithm, the ECC algorithm is more advanced and secure. The ECC algorithm provides faster encryption and higher efficiency at lower server resource consumption. The ECC algorithm is promoted among mainstream browsers.
SM2: The SM2 algorithm is developed and approved by the State Cryptography Administration of China based on the ECC algorithm. The SM2 algorithm is used to replace the RSA algorithm in Chinese commercial cryptography systems.
The following table describes the encryption algorithms that are supported by different certificate brands.
: not supported