This topic introduces the terms that are related to SSL certificates and the services that are provided to manage SSL certificates. SSL certificates refer to server certificates.
SSL certificates
SSL certificates are trusted credentials that are issued by well-known certificate authorities (CAs). The CAs are certified by WebTrust. You can use SSL certificates to authenticate visitors to your website and encrypt data in transmission.
SSL
SSL is a security protocol. SSL certificates provide an encryption mechanism for application data transmission on a TCP/IP network. The applications include HTTP, Telnet, and FTP.
SSL uses public keys to encrypt data transmitted over TCP/IP connections, ensure message integrity, and authenticate servers and clients. Client authentication is optional.
SSL certificate-based encryption
An SSL certificate uses public key cryptography, in which a key pair is used to encrypt and decrypt data.
Each user creates a private key, which is used for decryption and signing and is not disclosed to anyone. The user also creates a public key and discloses it to a group of users for encryption and signature verification.
An SSL certificate uses a key pair and an algorithm such as Rivest-Shamir-Adleman (RSA), elliptic curve cryptography (ECC), or SM to encrypt and decrypt data. For more information, see Select a certificate based on the encryption algorithm and What is a public key and a private key?
SSL certificate and HTTPS
After you install an SSL certificate on a web server, the HTTPS service is enabled for the web server.
Your website can transmit data over HTTPS. This helps establish trusted and encrypted connections between your website and client browsers and ensures the security of data during transmission.
Risks caused by the absence of SSL certificates
HTTP does not encrypt data. Data that is transmitted over HTTP is exposed to data leaks, data tampering, and phishing attacks.
Impacts of SSL certificates
After you install an SSL certificate on your web server, you can establish HTTPS-encrypted connections between your web server and website. This ensures the security of your website and data transmission.
Value-added services related to SSL certificates
Alibaba Cloud Certificate Management Service supports certificate purchase and issuance. Certificate Management Service also provides value-added services. The following table describes the value-added services.
Service | Description | References |
--- | --- | --- |
Quick deployment of certificates to Alibaba Cloud services | You can create a certificate deployment task in the Certificate Management Service console to automatically deploy a certificate to the following Alibaba Cloud services: Web Application Firewall (WAF), Application Load Balancer (ALB), and Network Load Balancer (NLB). When you create the task, you can configure the task to run immediately or at a specific point in time. | |
Quick deployment of certificates to Alibaba Cloud servers | You can create a certificate deployment task in the Certificate Management Service console to upload the related files of a certificate to a specific directory of a cloud server, or upload the files to replace the existing certificate-related files in the directory. This way, the certificate can be used by web applications that are hosted on the cloud server. This prevents errors when the certificate is manually downloaded or uploaded and simplifies the deployment process. | |
Quick deployment of certificates to third-party cloud services | You can deploy a certificate to a third-party cloud service by using Certificate Management Service. This simplifies certificate migration and configuration. Specific cloud services of Amazon Web Services (AWS), Tencent Cloud, and Huawei Cloud are supported. | |
Free management of third-party certificates | You can upload a certificate that is purchased from and issued by a third-party certificate service provider to the Certificate Management Service console for centralized management. | |
Hosting for certificates | A certificate that is issued by a CA is valid for up to 397 days. After the certificate expires, you must manually renew and update the certificate. To prevent your business from being affected when your certificate is not renewed, Certificate Management Service provides the certificate hosting feature. If the remaining validity period of a certificate that is issued and uploaded is less than 30 calendar days, the system automatically applies for a new certificate. | |
Signature generation and signature verification for certificates | You can use certificate application repository-related API operations to encrypt, decrypt, or sign sensitive data, such as data in electronic contracts and electronic invoices, or to verify signatures. This helps ensure the authenticity, integrity, and security of data files. | |
Custom notifications for certificates | You can use the notification feature to configure expiration notification policies for issued certificates. You can also configure notification policies for alerts that are triggered at core stages in the certificate lifecycle, such as certificate download and revocation. In addition, you can specify whether to receive the latest updates and announcements of Certificate Management Service, and the updates and changes to intermediate and root certificates. This helps provide support for your O&M operations. | |
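
The hosting row above depends on two numbers: the 397-day maximum validity period and the 30-day renewal window. The following sketch is an added example, not code from Certificate Management Service. It applies both checks to a small inventory so that certificates not covered by hosting can be triaged by hand. The hostnames and dates are constructed, the function names are hypothetical, and each entry uses the notBefore/notAfter layout that Python's ssl.SSLSocket.getpeercert() returns.

```python
import ssl
from datetime import datetime, timezone

RENEW_WINDOW_DAYS = 30   # renewal threshold from the hosting row above
MAX_LIFETIME_DAYS = 397  # maximum validity period from the hosting row above
DAY = 86400              # assumption: a "calendar day" is treated as 24 hours

# Constructed sample inventory (not real certificates).
SAMPLE = {
    "www.example.com": {"notBefore": "Jan  1 00:00:00 2025 GMT", "notAfter": "Dec 31 23:59:59 2025 GMT"},
    "api.example.com": {"notBefore": "Jul  1 00:00:00 2024 GMT", "notAfter": "Jul  1 00:00:00 2025 GMT"},
    "old.example.com": {"notBefore": "May  1 00:00:00 2024 GMT", "notAfter": "Jun  1 00:00:00 2025 GMT"},
    "legacy.example.com": {"notBefore": "Jan  1 00:00:00 2024 GMT", "notAfter": "Jan  1 00:00:00 2026 GMT"},
}
NOW = int(datetime(2025, 6, 15, tzinfo=timezone.utc).timestamp())  # fixed clock for the sample

def triage(host, cert, now):
    """Classify one certificate at time `now` (epoch seconds, UTC)."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    remaining = not_after - now
    if now < not_before:
        status = "not-yet-valid"
    elif remaining <= 0:
        status = "expired"
    elif remaining < RENEW_WINDOW_DAYS * DAY:
        status = "renew"          # inside the 30-day window: replace now
    else:
        status = "ok"
    return {
        "host": host,
        "status": status,
        "remaining_days": remaining // DAY,  # floor; negative once expired
        # A lifetime above 397 days means the certificate breaks the stated limit.
        "overlong": (not_after - not_before) > MAX_LIFETIME_DAYS * DAY,
    }

def triage_inventory(inventory, now):
    """Return one row per certificate, most urgent (least time left) first."""
    rows = [triage(host, cert, now) for host, cert in inventory.items()]
    return sorted(rows, key=lambda r: r["remaining_days"])

if __name__ == "__main__":
    for row in triage_inventory(SAMPLE, NOW):
        print(row)
```

To check a live endpoint instead of the sample, pass the dictionary returned by getpeercert() on a verified TLS connection as the cert argument.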