Certificate Management Service provides a comprehensive solution to manage SSL certificates throughout their entire lifecycles, including certificate purchase, application, deployment, hosting, and renewal.
Flowchart
Procedure
Purchase
You must purchase a certificate before you can use it. You can purchase a certificate by entering a domain name or by specifying a quantity. When you purchase a certificate, you must select a reliable certificate authority (CA), such as DigiCert, GlobalSign, or GeoTrust. CAs provide various types of certificates, including single-domain, wildcard, and multi-domain certificates. You must select a certificate type based on the business and security requirements of your website. For more information about how to purchase certificates, see Purchase an official certificate.
Application
The certificate application process consists of the following steps: creation, application, and domain name ownership verification.
Creation
After you purchase an official certificate, you need to bind a domain name to the certificate. If you already bind a domain name when you purchase the certificate, skip this step. For more information, see Create a certificate.
Application
You must enter the required information based on the certificate type and submit the information to the CA for review. The required information includes the domain name or IP address that you want to bind to the certificate, the verification method of domain name ownership, the contact information of the certificate, and the business license of your company. For more information, see Apply for a certificate.
Domain name ownership verification
Before the CA issues the certificate for your website, you must cooperate with the CA to verify that you own or can manage the domain name bound to the certificate. For more information, see Verify the ownership of a domain name.
Deployment
After a certificate is issued, you can deploy the certificate to the server of your website to ensure HTTPS access to the website. The deployment process varies based on the server type and the hosting environment. Supported servers include Apache, NGINX, and IIS servers. For more information, see Deploy SSL certificates.
Renewal
When a certificate is about to expire, you can renew the certificate to obtain a new certificate and install the new certificate on the server of your website to ensure continuous encryption and security for the website. In most cases, a certificate is valid for up to 397 days, approximately 13 months. If you do not renew a certificate after it expires, security issues may occur and security alerts may be generated on browsers. This compromises user trust and experience. For more information about how to renew a certificate, see Renew an official SSL certificate.
Revocation
If you no longer want to use a certificate due to security or other reasons, you can revoke the certificate. After a certificate is revoked from the CA, you can no longer use the certificate for secure communications. For more information about how to revoke a certificate, see Revoke and delete a certificate.