Certificate Management Service:Purchase an official certificate

Rules for complimentary domain names

Procedure

1. Go to the Certificate Management Service buy page.

2. Configure the parameters and click Buy Now to complete the payment. The following table describes the parameters.

   After you complete the payment, you can choose Comprehensive Management > Order Refund Management in the left-side navigation pane in the Certificate Management Service console to view the order instance. You can use the tag feature to add a tag to an order instance. To add a tag, find the order instance and click the icon.

   Parameter	Description
   Domain Type	Select the type of the domain name that you want to bind to the certificate. Valid values: Single Domain: You can bind a primary domain name, a subdomain, or an IPv4 public address to a certificate. Examples: aliyundoc.com, abc.example.com, and 1.1.X.X. Note If you bind a primary domain name to a certificate, the certificate is automatically applied to its subdomain that starts with www. For example, if you bind example.com to a certificate, the certificate is automatically applied to www.example.com free of charge. You do not need to purchase another certificate for www.example.com. Wildcard Domain: If you have multiple servers that use subdomains at the same level, you need to only purchase one wildcard certificate. The following list describes the matching rules of a wildcard domain name: Only subdomains at the same level can be matched. For example, if you bind *.aliyundoc.com to a certificate, subdomains such as demo.aliyundoc.com and learn.aliyundoc.com are matched, but subdomains such as guide.demo.aliyundoc.com and developer.demo.aliyundoc.com are not matched. If you bind a wildcard domain name to a certificate, the certificate is automatically applied to its primary domain name. For example, if you bind *.example.com to a certificate, the certificate is automatically applied to example.com. You can apply for a certificate bound to one wildcard domain name. You cannot apply for a certificate bound to multiple wildcard domain names. If you want to bind multiple wildcard domain names to a certificate, you can combine multiple certificates of the same brand and type to generate a multi-domain wildcard certificate. For more information, see Combine certificates. Multiple Domains: If you select this value, you can bind up to five single domain names to the certificate.
   Brand	Select a certificate brand. When you select a certificate brand, consider the certificate type, signature algorithm type, key length, domain name type, price, and your business requirements. If you cannot select a certificate brand based on the preceding factors, visit the Certificate Management Service product page to obtain technical support. Valid values: DigiCert: DigiCert (formerly known as Symantec) is a well-known and trusted SSL certificate brand in the industry. All DigiCert certificates use prominent encryption technologies to provide enhanced security solutions for different websites and servers. Alibaba Cloud: Alibaba Cloud certificates are more cost-effective than other certificate brands. GlobalSign: GlobalSign is an early CA in the industry. GlobalSign is a trusted CA and SSL certificate provider committed to network security authentication and digital certificate services. Important If you apply for a DigiCert certificate, you cannot enter domain names that are suffixed with special words such as .edu, .gov, .org, .jp, .pay, .bank, .live, .nuclear, or .ru. This limit does not apply to GlobalSign certificates. For more information, see Select an SSL certificate.
   Certificate Specifications	Select a certificate type. Alibaba Cloud supports domain validated (DV), OV, and extended validation (EV) certificates. Different types of certificates provide different levels of security and authentication strengths, support different certificate brands, and are suitable for different types of websites. The following list describes the usage scenarios of the three types of certificates. For more information about the differences among the certificate types, see Select a certificate based on authentication strength and security. DV SSL: DV certificates, which are suitable for personal websites used for app services, information display, enterprise testing, and personal testing. OV SSL: OV certificates, which are suitable for websites used by public service sectors, small- and medium-sized enterprises, and educational institutions. Certificates of the OV_PRO SSL type use enhanced encryption algorithms. EV SSL: EV certificates, which are suitable for high-privacy websites that involve transactions, payments, and privacy data, including websites used by large-sized enterprises, financial institutions and e-commerce platforms. Certificates of the EV_PRO SSL type use enhanced encryption algorithms.
   Domain Names	Select the number of domain names that you want to bind to a certificate. This parameter is required only if you set the Certificate Type parameter to Multiple Domains.
   Quantity	Specify the number of certificates that you want to purchase. The value is 1 by default and cannot be changed.
   Service Duration	Select the validity period of the certificate service. Valid values: 1 Year: The certificate service is valid for one year. The service provides one certificate, which is valid for one year by default. After a certificate expires, you must place an order to purchase a new certificate. 2 Years: The certificate service is valid for two years. The certificate service provides two certificates that are valid for one year and a hosting quota of 1. For more information, see Introduction to the certificate hosting feature. 3 Years: The certificate service is valid for three years. The certificate service provides three certificates that are valid for one year and a hosting quota of 2.

What to do next

After you purchase an official certificate, you can submit a certificate application to the CA. After the application is approved, the CA issues the certificate. For more information about how to apply for a certificate, see Apply for a certificate.

Refund policies

If you select the wrong certificate type or specify incorrect information when you purchase an official certificate, you can request a refund for the purchase order. The refund is returned to the original payment account. Refunds are not supported in specific scenarios, such as scenarios in which certificates are purchased more than seven days ago and the amount is offset by using vouchers or coupons. For more information, see Request a refund for an SSL certificate.

References

• For more information about how to select an SSL certificate, see Select an SSL certificate.

• For more information about wildcard certificates, see How do I change a single-domain certificate that is purchased or issued to a wildcard certificate?

• For more information about how to enable auto-renewal for certificates, see Enable hosting for a certificate.