After you purchase an official SSL certificate, you can submit a certificate application to the certificate authority (CA). After the CA approves your application, the CA issues the certificate.
Rules for complimentary domain names
Domain name type | Brand and certificate type | Rule description |
Single domain name |
| If you apply for a certificate for a primary domain name, its www subdomains are included free of charge. If you apply for a certificate for a www subdomain, its primary domain name is included free of charge regardless of the domain name hierarchy. For example, If you apply for a certificate for If you apply for a certificate for |
| A www subdomain is included free of charge only when the primary domain name is a first-level domain. For example, if you apply for a certificate for | |
Wildcard domain name |
| Primary domain names are included free of charge regardless of the domain name hierarchy. For example, if you apply for a certificate for |
OV certificates of all brands other than GlobalSign | A primary domain name is included free of charge only when the domain name is a first-level domain. For example, if you apply for a certificate for *.aliyundoc.com, its primary domain name aliyundoc.com is included free of charge. If you apply for a certificate for |
Procedure
Go to the Certificate Management Service buy page.
Configure the parameters and click Buy Now to complete the payment. The following table describes the parameters.
After you complete the payment, you can choose in the left-side navigation pane in the Certificate Management Service console to view the order instance. You can use the tag feature to add a tag to an order instance. To add a tag, find the order instance and click the
icon.Parameter
Description
Domain Type
Select the type of the domain name that you want to bind to the certificate. Valid values:
Single Domain: You can bind a primary domain name, a subdomain, or an IPv4 public address to a certificate. Examples:
aliyundoc.com,abc.example.com, and1.1.X.X.Wildcard Domain: If you have multiple servers that use subdomains at the same level, you need to only purchase one wildcard certificate.
The following list describes the matching rules of a wildcard domain name:
Only subdomains at the same level can be matched. For example, if you bind *.aliyundoc.com to a certificate, subdomains such as demo.aliyundoc.com and learn.aliyundoc.com are matched, but subdomains such as guide.demo.aliyundoc.com and developer.demo.aliyundoc.com are not matched.
You can apply for a certificate bound to one wildcard domain name. You cannot apply for a certificate bound to multiple wildcard domain names. If you want to bind multiple wildcard domain names to a certificate, you can combine multiple certificates of the same brand and type to generate a multi-domain wildcard certificate. For more information, see Combine certificates.
Multiple Domains: If you select this value, you can bind up to five single domain names to the certificate.
For more information about the complimentary rules for single and wildcard domain names, see Rules for complimentary domain names.
Brand
Select a certificate brand. When you select a certificate brand, consider the certificate type, signature algorithm type, key length, domain name type, price, and your business requirements. If you cannot select a certificate brand based on the preceding factors, visit the Certificate Management Service product page to obtain technical support. Valid values:
DigiCert: DigiCert (formerly known as Symantec) is a well-known and trusted SSL certificate brand in the industry. All DigiCert certificates use prominent encryption technologies to provide enhanced security solutions for different websites and servers.
Alibaba Cloud: Alibaba Cloud certificates are more cost-effective than other certificate brands.
GlobalSign: GlobalSign is an early CA in the industry. GlobalSign is a trusted CA and SSL certificate provider committed to network security authentication and digital certificate services.
ImportantIf you apply for a DigiCert certificate, you cannot enter domain names that are suffixed with special words such as
.edu,.gov,.org,.jp,.pay,.bank,.live,.nuclear, or.ru. This limit does not apply to GlobalSign certificates.For more information, see Select an SSL certificate.
Certificate Specifications
Select a certificate type. Alibaba Cloud supports domain validated (DV), OV, and extended validation (EV) certificates. Different types of certificates provide different levels of security and authentication strengths, support different certificate brands, and are suitable for different types of websites.
The following list describes the usage scenarios of the three types of certificates. For more information about the differences among the certificate types, see Select a certificate based on authentication strength and security.
DV SSL: DV certificates, which are suitable for personal websites used for app services, information display, enterprise testing, and personal testing.
OV SSL: OV certificates, which are suitable for websites used by public service sectors, small- and medium-sized enterprises, and educational institutions. Certificates of the OV_PRO SSL type use enhanced encryption algorithms.
EV SSL: EV certificates, which are suitable for high-privacy websites that involve transactions, payments, and privacy data, including websites used by large-sized enterprises, financial institutions and e-commerce platforms. Certificates of the EV_PRO SSL type use enhanced encryption algorithms.
Domain Names
Select the number of domain names that you want to bind to a certificate. This parameter is required only if you set the Certificate Type parameter to Multiple Domains.
Quantity
Specify the number of certificates that you want to purchase. The value is 1 by default and cannot be changed.
Service Duration
Select the validity period of the certificate service. Valid values:
1 Year: The certificate service is valid for one year. The service provides one certificate, which is valid for one year by default. After a certificate expires, you must place an order to purchase a new certificate.
2 Years: The certificate service is valid for two years. The certificate service provides two certificates that are valid for one year and a hosting quota of 1.
For more information, see Introduction to the certificate hosting feature.
3 Years: The certificate service is valid for three years. The certificate service provides three certificates that are valid for one year and a hosting quota of 2.
What to do next
After you purchase an official certificate, you can submit a certificate application to the CA. After the application is approved, the CA issues the certificate. For more information about how to apply for a certificate, see Apply for a certificate.
Refund policies
If you select the wrong certificate type or specify incorrect information when you purchase an official certificate, you can request a refund for the purchase order. The refund is returned to the original payment account. If your certificate is purchased more than seven days or you use vouchers or coupons to offset the amount, refunds are not supported. For more information, see Request a refund for an SSL certificate.
References
For more information about how to select an SSL certificate, see Select an SSL certificate.
For more information about wildcard certificates, see How do I change a single-domain certificate that is purchased or issued to a wildcard certificate?
For more information about how to enable auto-renewal for certificates, see Enable hosting for a certificate.