Certificate Management Service: How do I select a certificate type, certificate brand, and domain name type?

Last Updated: Apr 03, 2024

This topic describes how to select a certificate type, certificate brand, and domain name type.

How do I select a certificate type?

  • For general enterprises, we recommend that you purchase organization validated (OV) certificates or certificates that provide a higher level of trust. For financial or payment enterprises, we recommend that you purchase extended validation (EV) certificates.

  • For mobile websites or API call-related applications, we recommend that you purchase OV certificates or certificates that provide a higher level of trust.

Note

The server IP addresses that are supported by DigiCert EV certificates are limited. If your domain name is associated with multiple server IP addresses, we recommend that you purchase multiple certificates. If you also use another Alibaba Cloud service, select one of the certificates and upload the certificate to the service.

How do I select a certificate brand?

  • The following certificate brands are sorted in descending order of compatibility: DigiCert > GeoTrust > CFCA.

  • For mobile websites or API call-related applications, we recommend that you purchase DigiCert certificates.

How do I select a domain name type?

Domain name type

Description

Single domain name

If you select this type for a certificate, the certificate can protect only one parent domain name, one subdomain, or one public IP address. Example: www.aliyundoc.com.

Multiple domain names

If you select this type for a certificate, the certificate can protect multiple single domain names. You can bind up to five single domain names to a multi-domain certificate that is purchased from Certificate Management Service. The domain names can be top-level domains (TLDs) or non-TLDs, such as demo.example.com and guide.developer.aliyundoc.com.

Wildcard domain name

A wildcard domain name can match its parent domain name and all first-level subdomains of the parent domain name. For example, if you bind the wildcard domain name *.aliyundoc.com to a certificate, the certificate is automatically assigned to its parent domain name aliyundoc.com free of charge. The domain name *.aliyundoc.com can match first-level subdomains such as www.aliyundoc.com and example.aliyundoc.com. The domain name *.aliyundoc.com cannot match second-level subdomains such as www.example.aliyundoc.com.

A wildcard domain name can match only subdomains at the same level. For example, *.aliyundoc.com can match demo.aliyundoc.com. However, *.aliyundoc.com cannot match learn.demo.aliyundoc.com. If you want to bind learn.demo.aliyundoc.com to the wildcard certificate, you must purchase a new wildcard certificate and bind *.demo.aliyundoc.com to the certificate.

A multi-domain wildcard certificate allows you to bind multiple wildcard domain names. Certificate Management Service allows you to apply only for single-domain wildcard certificates, not for multi-domain wildcard certificates. To obtain a multi-domain wildcard certificate, you can combine multiple certificates of the same brand and type. For more information, see Combine certificates.

Hybrid domain name

A hybrid certificate allows you to bind single domain names, wildcard domain names, and public IP addresses. For example, if you bind the *.aliyundoc.com and demo.example.com domain names to a certificate, the certificate is a hybrid certificate.

Certificate Management Service does not allow you to apply for a hybrid certificate. To obtain a hybrid certificate, you can combine multiple certificates of the same brand and type. For more information, see Combine certificates.

Note
  • If the domain name that you bind to a certificate is a wildcard domain name, the certificate is also assigned to the parent domain name of the domain name. Examples:

    • The certificate to which the wildcard domain name *.aliyundoc.com is bound is also assigned to aliyundoc.com.

    • The certificate to which the wildcard domain name *.demo.aliyundoc.com is bound is not assigned to demo.aliyundoc.com.

  • If the domain name that you bind to a certificate starts with www, the certificate is also assigned to the parent domain name of the domain name. Examples:

    • The certificate to which www.aliyundoc.com is bound is also assigned to aliyundoc.com.

    • The certificate to which www.demo.aliyundoc.com is bound is not assigned to demo.aliyundoc.com.

  • You cannot change the domain names that are bound to a certificate after the certificate is issued.
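
The matching rules from the table and note above, written out as an added example (not part of the Alibaba Cloud documentation): a Python check that reports which hosts in an inventory a planned set of bound names would leave unprotected, which is worth running before purchase because bound names cannot be changed after issuance. The function names, the constructed inventory, and the two-label test for a parent domain are assumptions.

```python
def _norm(name):
    # DNS names are case-insensitive; drop a trailing root dot.
    return name.strip().lower().rstrip(".")


def _is_root(name):
    # ASSUMPTION: a two-label name stands in for the registered ("parent")
    # domain. Suffixes such as co.uk need the Public Suffix List instead.
    return name.count(".") == 1


def is_covered(host, bound_names):
    """True if `host` is protected by a certificate bound to `bound_names`."""
    host = _norm(host)
    first, _, rest = host.partition(".")
    for bound in map(_norm, bound_names):
        if bound.startswith("*."):
            base = bound[2:]
            # The wildcard stands for exactly one label, never two or more.
            if first and rest == base:
                return True
            # The parent domain is included only for a root-level wildcard.
            if host == base and _is_root(base):
                return True
        else:
            if host == bound:
                return True
            # www.<root> also covers <root>, but not deeper names.
            if bound.startswith("www.") and host == bound[4:] and _is_root(host):
                return True
    return False


def uncovered(inventory, bound_names):
    """Hosts from `inventory` that the planned bindings leave unprotected."""
    return [h for h in inventory if not is_covered(h, bound_names)]


# Constructed inventory, using the example names from this page.
INVENTORY = ["aliyundoc.com", "www.aliyundoc.com", "demo.aliyundoc.com",
             "learn.demo.aliyundoc.com", "www.example.aliyundoc.com"]
PLANNED = ["*.aliyundoc.com"]

if __name__ == "__main__":
    for host in uncovered(INVENTORY, PLANNED):
        print("not covered:", host)
```

With the planned binding *.aliyundoc.com, the two second-level names are reported as not covered; each needs its own binding, such as *.demo.aliyundoc.com for learn.demo.aliyundoc.com.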