Certificate Management Service:SSL certificate workflow

Purchase a certificate

1. Select a certificate type as needed. For more information, see SSL certificate selection guide.

2. Provide your purchase information. For details, see Purchase an official certificate .

Create a certificate

After you purchase a certificate, you must create an SSL certificate to associate your purchased quota with a domain name. During the creation process, the system provides a Quick Issue option:

• Select Quick Issue: You are required to fill in the application information. After the certificate is created, the system will automatically submit the certificate application to the CA. Subsequently, you only need to complete domain ownership validation.

• Do not select Quick Issue: After the certificate is created, you must log on to the Certificate Management Service console to manually fill in and submit the application. For details, see Submit a request to a CA.

Request a certificate

1. Submit a request to a CA

   You must enter information based on the certificate type, such as the associated domain name or IP address, contact, company, and business license information. Then, submit the CSR to the CA. For more information, see Request a certificate.

2. Domain ownership validation

   When you submit a request to the CA, you must validate the ownership of your domain name. For more information, see Domain ownership validation.

   • Domain Validated (DV) certificates support three authentication methods: Automatic DNS Verification, Manual DNS Verification, and File Verification.

   • For Extended Validation (EV) or Organization Validated (OV) certificates, you must complete the validation based on the instructions in the domain validation email sent by the CA.

3. CA review

   After you submit the request and complete domain ownership validation, the CA reviews your request. To view the review progress and result, see Handle CA review results. DV certificates are typically issued within 1 to 15 minutes. OV and EV certificates are typically issued within 5 calendar days.

Deploy the certificate

After the CA approves your request and the certificate status changes to "Issued", you can deploy the certificate file to your web server, such as Nginx, Apache, or IIS, or to a cloud product. This enables HTTPS for your site. For more information, see Deploy an SSL certificate.

Next steps

Renew the certificate

When an SSL certificate expires, you must promptly renew it or request a new one. You must also install the new SSL certificate to maintain the encrypted connection and security of your website. For more information, see SSL certificate renewal and expiration handling.

Revoke the certificate

If you no longer use a certificate, you can revoke it. For more information, see Revoke and delete an SSL certificate.

What do I do if I cannot find the certificate after purchase?

If you did not enter domain name information during purchase, a certificate creation quota is added to your account instead of a ready-to-use certificate. The certificate is not displayed in the certificate list until you create an SSL certificate and associate it with a domain name.

Do SSL certificates support Chinese domain names?

Yes, they do. If you want to associate a Chinese domain name, you must convert it to Punycode as prompted in the console before you request the certificate. You can also use a transcoding tool to perform the conversion. For more information, see Convert a Chinese domain name.

Can I apply for an Alibaba Cloud SSL Certificate if my DNS provider is not Alibaba Cloud?

Yes, you can. You only need to complete the domain ownership validation. This is independent of your DNS provider.