Submit a CA application


After purchasing an SSL certificate, if its status is Pending Application, you must submit an application to the certificate authority (CA) to begin the verification and issuance process. Depending on the certificate type (DV, OV, or EV), you must provide a domain name or IP address, contact information, and the required business documents for OV or EV certificates. The CA issues the certificate for HTTPS encryption only after validating that the information you provided is complete and accurate.

Usage scope

This applies to certificates with a status of Pending Application.

Application process

Scenario 1: Single certificate application

Apply for a personal test certificate

A personal test certificate is an SSL certificate provided by Alibaba Cloud for personal websites, development and testing environments, or new enterprise projects for basic HTTPS encryption.

Note

A personal test certificate is a DV certificate.

  1. Log in to the Certificate Management Service console.

  2. In the left navigation pane, choose Certificate Management > SSL Certificate Management.

  3. On the Individual Test Certificate (Formerly Free Certificate) tab, click Apply for Certificate in the Actions column of the target certificate.

  4. In the Apply for Certificate panel, configure the following settings and click Submit.

    • Domains to Bind

      • Domain name limits: You can apply for a personal test certificate only for a single domain name. You cannot apply for a personal test certificate for a public IP address, a domain name with a special suffix, a wildcard domain name, or a hybrid domain name. To apply for a certificate for one of these, you must purchase a commercial certificate.

        Which special suffixes are not supported for personal test certificates?

        .edu, .gov, .org, .jp, .pay, .bank, .live, .nuclear, and .ru.

      • Length limits: The total length of a single domain name cannot exceed 253 characters. The length of each label in the domain name, which is the part separated by a period (.), cannot exceed 63 characters.

      • Chinese domain names: If you want to secure a Chinese domain name, you must convert it to Punycode as prompted in the console before you can apply for a certificate. You can also use a transcoding tool to convert the domain name. For more information, see Convert a Chinese domain name.

        Note

        vTrus-branded certificates do not support Chinese domain names.

      • Complimentary domain names: If your domain name qualifies for a commercial certificate, Alibaba Cloud provides a corresponding complimentary domain name.

      Important

      The domain name for a personal test certificate is fixed after the first application. You cannot change the domain name on subsequent applications, even if you withdraw the initial application or revoke the certificate. To use a different domain name, you must purchase a new certificate.

    • Domain Verification Method

      Select a verification method based on your account status.

      Note
      • Certificate purchase account: The Alibaba Cloud account used to purchase the target SSL certificate in the Certificate Management Service console.

      • DNS resolution account: The Alibaba Cloud account used to configure DNS resolution for the target domain name in Alibaba Cloud DNS.

      The purchase and DNS accounts are different

      • Manual DNS Verification (recommended): Log on to your DNS service platform and add a CNAME or TXT DNS record.

      • File Verification: Log on to your web server, and create and upload the required validation file to the specified directory.

        Important

        Wildcard domain names do not support file validation.

      The purchase and DNS accounts are the same

      The system uses the Automatic DNS Verification method. Alibaba Cloud automatically adds a DNS record for the domain name in Alibaba Cloud DNS to verify domain ownership. No manual operation is required.

    • Contact

      Select the contact for this certificate application. The contact information includes an email address and a mobile phone number. To create or modify a contact, click Create Contact or Edit, or go to Contact Management.

      Important

      After the CA receives the certificate application, it sends a validation email to the contact's email address or communicates with the contact using their mobile phone number (only in the Chinese mainland) for the review. Make sure that the contact information is accurate and valid.

    • Location

      Select the city or region where the applicant is located.

    • Encryption Algorithm

      | Option | Security | Compatibility | Performance | Recommendation |
      | --- | --- | --- | --- | --- |
      | RSA_2048 | Medium | Widest | Middle | Recommended for general use and suitable for most web applications. |
      | RSA_3072 | High | Good | Lower | Suitable for scenarios with high security requirements, such as finance and payments. |
      | RSA_4096 | Very High | Fair | Low | Recommended only for top-secret or extremely high-security scenarios. |
      | ECC_256 | High | Good | Very High | Suitable for mobile applications, high-concurrency systems, and IoT devices. |
      | SM2 | High | Specific | High | Applicable only to scenarios that require compliance with Chinese cryptographic standards, such as government, state-owned enterprises, and finance. |

      • RSA: An asymmetric key encryption algorithm based on the difficulty of factoring large integers. It is the most widely used and has excellent compatibility. Longer keys provide higher security but increase performance overhead.

      • ECC: An asymmetric key encryption algorithm based on the difficulty of the elliptic curve discrete logarithm problem. It achieves the same level of security as RSA with shorter keys, offers higher computational efficiency, and is suitable for resource-constrained environments such as mobile devices and IoT.

      • SM2: A Chinese domestic elliptic curve algorithm released by the State Cryptography Administration of China. It is part of the Chinese national cryptographic standard. Its security is comparable to ECC and is suitable for government, finance, and other scenarios with domestic compliance requirements.

      Note

      Currently, only some brands and types of certificates support the ECC and SM2 algorithms. For more information, see SSL certificate selection.

    • CSR Generation

      A Certificate Signing Request (CSR) is an application file submitted to a CA when you apply for an SSL certificate. It contains your domain name, organization information, and public key. You must securely store the corresponding private key.

      Automatic (recommended)

      Alibaba Cloud automatically creates a CSR and a private key for you. After the certificate is issued, you can directly download the complete file that contains the private key.

      Manual Entry

      You can use tools such as OpenSSL or Keytool to manually generate a CSR and a private key file, which you must store securely. Then, copy the CSR content into the CSR File configuration item. For more information about how to create a CSR and a private key file, see How to create a CSR file.

      Important
      • Securely store your private key. If you lose the private key, the certificate becomes unusable because the key is unrecoverable. You would need to generate a new key pair and request a certificate reissuance.

      • If you apply for a Chinese cryptographic algorithm certificate and select Manual Entry for the CSR, the private key is not stored in Alibaba Cloud. The private key is required to decrypt the obtained certificate. You must contact the party that generated the private key to assist with decryption. This does not apply to Wosign-branded certificates.

      • The encryption algorithm of the CSR must match the Key Algorithm selected above. If you are unsure of the encryption algorithm used by your CSR, you can use the View CSR tool to check it. For more information, see View CSR Details.

      • Certificates issued using this method do not support one-click deployment to other Alibaba Cloud products.

      Select an Existing CSR

      From the CSRs created or uploaded in the Certificate Management Service console, select the CSR that matches the Domains to Bind. For more information about how to create and upload a CSR, see Create a CSR.

    • CSR File

      This parameter is required only when CSR Generation is set to Manual Entry or Select an Existing CSR. Enter the content of your CSR file.

  5. Follow the prompts in the Verify Information section to complete the domain ownership verification.

Apply for a commercial certificate

Commercial certificates are available in three types: DV, OV, and EV. When you apply for a certificate, the information you must provide to the Certificate Authority (CA) for review varies by certificate type. This information can include the domain name or IP address to bind to the certificate, the domain verification method, contact details, and company information and business license.

  1. Log on to the Certificate Management Service console.

  2. In the left navigation pane, choose Certificate Management > SSL Certificate Management.

  3. On the Commercial Certificates tab, click Apply for Certificate in the Actions column of the target certificate, or hover over the status label icon in the Status column and click Apply for Certificate.

  4. In the certificate application panel, configure the following settings and click Submit.

    Note

    Certificate Management Service sends the application information you submit, such as the domains to bind and contact information, to the CA for review. If you apply for a certificate from a non-Chinese brand, such as GeoTrust or DigiCert, your application information is sent to a CA outside the Chinese mainland.

    DV certificate

    • Domains to Bind

      • Domain name requirements

        • Type matching: The domain type that you enter (single, multi-domain, or wildcard) must match your purchased certificate.

        • Length limits: The total length must not exceed 253 characters. Each label (a segment separated by the . character) must not exceed 63 characters.

      • Special format requirements

        • Wildcard: Must start with *, such as *.example.com.

        • Chinese domain name: If you use a Chinese domain name, you must convert it to Punycode as prompted in the console. You can also use a conversion tool. For more information, see Chinese Domain Name Conversion.

          Note

          vTrus-branded certificates do not support Chinese domain names.

        • IP addresses: Supported only by some OV single-domain certificates (brands: GlobalSign, GeoTrust, vTrus, and CFCA).

      • Suffix restrictions: Only GlobalSign-branded certificates support attaching to domain names with the .ru suffix.

      • Complimentary domain names: When you purchase a commercial certificate from Certificate Management Service and bind it to your domain name, Alibaba Cloud provides a corresponding complimentary domain name if your domain name is eligible for a commercial certificate.

      Important

      After first applying for a DigiCert DV or Rapid DV certificate, you cannot change the domain name if you withdraw the application or reapply after revoking the certificate. To use a different domain name, you must purchase a new certificate.

    • Auto-managed Certificate

      Specifies whether to enable auto-renewal. If enabled, the system automatically applies for a new certificate before the current one expires.

    • Domain Verification Method

      Note
      • Certificate purchase account: The Alibaba Cloud account used to purchase the target SSL certificate in the Certificate Management Service console.

      • DNS resolution account: The Alibaba Cloud account used to configure DNS resolution for the target domain name in Alibaba Cloud DNS.

      The purchase and DNS accounts are different

      • Manual DNS Verification (recommended): Log on to your DNS service platform and add a CNAME or TXT DNS record.

      • File Verification: Log on to your web server, and create and upload the required validation file to the specified directory.

        Important

        Wildcard domain names do not support file validation.

      The purchase and DNS accounts are the same

      The system uses the Automatic DNS Verification method. Alibaba Cloud automatically adds a DNS record for the domain name in Alibaba Cloud DNS to verify domain ownership. No manual operation is required.

    • Contact

      Select the contact for this certificate application. The contact information includes an email address and a mobile phone number. To create or modify a contact, click Create Contact or Edit, or go to Contact Management.

      Important

      After the CA receives the certificate application, it sends a validation email to the contact's email address or communicates with the contact using their mobile phone number (only in the Chinese mainland) for the review. Make sure that the contact information is accurate and valid.

    • Location

      Select the city or region where the applicant is located.

    • Encryption Algorithm

      | Option | Security | Compatibility | Performance | Recommendation |
      | --- | --- | --- | --- | --- |
      | RSA_2048 | Medium | Widest | Middle | Recommended for general use and suitable for most web applications. |
      | RSA_3072 | High | Good | Lower | Suitable for scenarios with high security requirements, such as finance and payments. |
      | RSA_4096 | Very High | Fair | Low | Recommended only for top-secret or extremely high-security scenarios. |
      | ECC_256 | High | Good | Very High | Suitable for mobile applications, high-concurrency systems, and IoT devices. |
      | SM2 | High | Specific | High | Applicable only to scenarios that require compliance with Chinese cryptographic standards, such as government, state-owned enterprises, and finance. |

      • RSA: An asymmetric key encryption algorithm based on the difficulty of factoring large integers. It is the most widely used and has excellent compatibility. Longer keys provide higher security but increase performance overhead.

      • ECC: An asymmetric key encryption algorithm based on the difficulty of the elliptic curve discrete logarithm problem. It achieves the same level of security as RSA with shorter keys, offers higher computational efficiency, and is suitable for resource-constrained environments such as mobile devices and IoT.

      • SM2: A Chinese domestic elliptic curve algorithm released by the State Cryptography Administration of China. It is part of the Chinese national cryptographic standard. Its security is comparable to ECC and is suitable for government, finance, and other scenarios with domestic compliance requirements.

      Note

      Currently, only some brands and types of certificates support the ECC and SM2 algorithms. For more information, see SSL certificate selection.

    • CSR Generation

      A Certificate Signing Request (CSR) is an application file submitted to a CA when you apply for an SSL certificate. It contains your domain name, organization information, and public key. You must securely store the corresponding private key.

      Automatic (recommended)

      Alibaba Cloud automatically creates a CSR and a private key for you. After the certificate is issued, you can directly download the complete file that contains the private key.

      Manual Entry

      You can use tools such as OpenSSL or Keytool to manually generate a CSR and a private key file, which you must store securely. Then, copy the CSR content into the CSR File configuration item. For more information about how to create a CSR and a private key file, see How to create a CSR file.

      Important
      • Securely store your private key. If you lose the private key, the certificate becomes unusable because the key is unrecoverable. You would need to generate a new key pair and request a certificate reissuance.

      • If you apply for a Chinese cryptographic algorithm certificate and select Manual Entry for the CSR, the private key is not stored in Alibaba Cloud. The private key is required to decrypt the obtained certificate. You must contact the party that generated the private key to assist with decryption. This does not apply to Wosign-branded certificates.

      • The encryption algorithm of the CSR must match the Key Algorithm selected above. If you are unsure of the encryption algorithm used by your CSR, you can use the View CSR tool to check it. For more information, see View CSR Details.

      • Certificates issued using this method do not support one-click deployment to other Alibaba Cloud products.

      Select an Existing CSR

      From the CSRs created or uploaded in the Certificate Management Service console, select the CSR that matches the Domains to Bind. For more information about how to create and upload a CSR, see Create a CSR.

    • CSR File

      This parameter is required only when CSR Generation is set to Manual Entry or Select an Existing CSR. Enter the content of your CSR file.

    OV certificate

    Note

    After you submit an application for an OV certificate, the CA sends domain ownership verification instructions to the contact by email or phone. The contact must complete the verification as required to confirm domain ownership.

    • Domains to Bind

      • Domain name requirements

        • Type matching: The domain type that you enter (single, multi-domain, or wildcard) must match your purchased certificate.

        • Length limits: The total length must not exceed 253 characters. Each label (a segment separated by the . character) must not exceed 63 characters.

      • Special format requirements

        • Wildcard: Must start with *, such as *.example.com.

        • Chinese domain name: If you use a Chinese domain name, you must convert it to Punycode as prompted in the console. You can also use a conversion tool. For more information, see Chinese Domain Name Conversion.

          Note

          vTrus-branded certificates do not support Chinese domain names.

        • IP addresses: Supported only by some OV single-domain certificates (brands: GlobalSign, GeoTrust, vTrus, and CFCA).

      • Suffix restrictions: Only GlobalSign-branded certificates support attaching to domain names with the .ru suffix.

      • Complimentary domain names: When you purchase a commercial certificate from Certificate Management Service and bind it to your domain name, Alibaba Cloud provides a corresponding complimentary domain name if your domain name is eligible for a commercial certificate.

    • Contact

      Select the contact for this certificate application. The contact information includes an email address and a mobile phone number. To create or modify a contact, click Create Contact or Edit, or go to Contact Management.

      Important

      After the CA receives the certificate application, it sends a validation email to the contact's email address or communicates with the contact using their mobile phone number (only in the Chinese mainland) for the review. Make sure that the contact information is accurate and valid.

    • Company

      Select the company information for this certificate application, including the name, phone number, and address. To create or modify company information, click Create Company Profile or Edit, or go to Company Information Management.

      Important

      When you apply for an OV certificate for a .gov domain name, the organization name in the domain's WHOIS information must exactly match the company name.

    • Business License

      After you select a Company, the system automatically identifies the business license picture uploaded for the company. If you did not upload a business license picture when you created the company, the business license picture is empty. To ensure a quick review by the CA, we recommend that you upload the company's business license picture.

    • Encryption Algorithm

      | Option | Security | Compatibility | Performance | Recommendation |
      | --- | --- | --- | --- | --- |
      | RSA_2048 | Medium | Widest | Middle | Recommended for general use and suitable for most web applications. |
      | RSA_3072 | High | Good | Lower | Suitable for scenarios with high security requirements, such as finance and payments. |
      | RSA_4096 | Very High | Fair | Low | Recommended only for top-secret or extremely high-security scenarios. |
      | ECC_256 | High | Good | Very High | Suitable for mobile applications, high-concurrency systems, and IoT devices. |
      | SM2 | High | Specific | High | Applicable only to scenarios that require compliance with Chinese cryptographic standards, such as government, state-owned enterprises, and finance. |

      • RSA: An asymmetric key encryption algorithm based on the difficulty of factoring large integers. It is the most widely used and has excellent compatibility. Longer keys provide higher security but increase performance overhead.

      • ECC: An asymmetric key encryption algorithm based on the difficulty of the elliptic curve discrete logarithm problem. It achieves the same level of security as RSA with shorter keys, offers higher computational efficiency, and is suitable for resource-constrained environments such as mobile devices and IoT.

      • SM2: A Chinese domestic elliptic curve algorithm released by the State Cryptography Administration of China. It is part of the Chinese national cryptographic standard. Its security is comparable to ECC and is suitable for government, finance, and other scenarios with domestic compliance requirements.

      Note

      Currently, only some brands and types of certificates support the ECC and SM2 algorithms. For more information, see SSL certificate selection.

    • CSR Generation

      A Certificate Signing Request (CSR) is an application file submitted to a CA when you apply for an SSL certificate. It contains your domain name, organization information, and public key. You must securely store the corresponding private key.

      Automatic (recommended)

      Alibaba Cloud automatically creates a CSR and a private key for you. After the certificate is issued, you can directly download the complete file that contains the private key.

      Manual Entry

      You can use tools such as OpenSSL or Keytool to manually generate a CSR and a private key file, which you must store securely. Then, copy the CSR content into the CSR File configuration item. For more information about how to create a CSR and a private key file, see How to create a CSR file.

      Important
      • Securely store your private key. If you lose the private key, the certificate becomes unusable because the key is unrecoverable. You would need to generate a new key pair and request a certificate reissuance.

      • If you apply for a Chinese cryptographic algorithm certificate and select Manual Entry for the CSR, the private key is not stored in Alibaba Cloud. The private key is required to decrypt the obtained certificate. You must contact the party that generated the private key to assist with decryption. This does not apply to Wosign-branded certificates.

      • The encryption algorithm of the CSR must match the Key Algorithm selected above. If you are unsure of the encryption algorithm used by your CSR, you can use the View CSR tool to check it. For more information, see View CSR Details.

      • Certificates issued using this method do not support one-click deployment to other Alibaba Cloud products.

      Select an Existing CSR

      From the CSRs created or uploaded in the Certificate Management Service console, select the CSR that matches the Domains to Bind. For more information about how to create and upload a CSR, see Create a CSR.

    • CSR File

      This parameter is required only when CSR Generation is set to Manual Entry or Select an Existing CSR. Enter the content of your CSR file.

    EV certificate

    Note

    After you submit an application for an EV certificate, the CA sends domain ownership verification instructions to the contact by email or phone. The contact must complete the verification as required to confirm domain ownership.

    • Domains to Bind

      • Domain name requirements

        • Type matching: The domain type that you enter (single, multi-domain, or wildcard) must match your purchased certificate.

        • Length limits: The total length must not exceed 253 characters. Each label (a segment separated by the . character) must not exceed 63 characters.

      • Special format requirements

        • Wildcard: Must start with *, such as *.example.com.

        • Chinese domain name: If you use a Chinese domain name, you must convert it to Punycode as prompted in the console. You can also use a conversion tool. For more information, see Chinese Domain Name Conversion.

          Note

          vTrus-branded certificates do not support Chinese domain names.

        • IP addresses: Supported only by some OV single-domain certificates (brands: GlobalSign, GeoTrust, vTrus, and CFCA).

      • Suffix restrictions: Only GlobalSign-branded certificates support attaching to domain names with the .ru suffix.

      • Complimentary domain names: When you purchase a commercial certificate from Certificate Management Service and bind it to your domain name, Alibaba Cloud provides a corresponding complimentary domain name if your domain name is eligible for a commercial certificate.

    • Contact

      Select the contact for this certificate application. The contact information includes an email address and a mobile phone number. To create or modify a contact, click Create Contact or Edit, or go to Contact Management.

      Important

      After the CA receives the certificate application, it sends a validation email to the contact's email address or communicates with the contact using their mobile phone number (only in the Chinese mainland) for the review. Make sure that the contact information is accurate and valid.

    • Company

      Select the company information for this certificate application, including the name, phone number, and address. To create or modify company information, click Create Company Profile or Edit, or go to Company Information Management.

      Important

      When you apply for an OV certificate for a .gov domain name, the organization name in the domain's WHOIS information must exactly match the company name.

    • Business License

      After you select a Company, the system automatically identifies the business license picture uploaded for the company. If you did not upload a business license picture when you created the company, the business license picture is empty. To ensure a quick review by the CA, we recommend that you upload the company's business license picture.

    • Encryption Algorithm

      | Option | Security | Compatibility | Performance | Recommendation |
      | --- | --- | --- | --- | --- |
      | RSA_2048 | Medium | Widest | Middle | Recommended for general use and suitable for most web applications. |
      | RSA_3072 | High | Good | Lower | Suitable for scenarios with high security requirements, such as finance and payments. |
      | RSA_4096 | Very High | Fair | Low | Recommended only for top-secret or extremely high-security scenarios. |
      | ECC_256 | High | Good | Very High | Suitable for mobile applications, high-concurrency systems, and IoT devices. |
      | SM2 | High | Specific | High | Applicable only to scenarios that require compliance with Chinese cryptographic standards, such as government, state-owned enterprises, and finance. |

      • RSA: An asymmetric key encryption algorithm based on the difficulty of factoring large integers. It is the most widely used and has excellent compatibility. Longer keys provide higher security but increase performance overhead.

      • ECC: An asymmetric key encryption algorithm based on the difficulty of the elliptic curve discrete logarithm problem. It achieves the same level of security as RSA with shorter keys, offers higher computational efficiency, and is suitable for resource-constrained environments such as mobile devices and IoT.

      • SM2: A Chinese domestic elliptic curve algorithm released by the State Cryptography Administration of China. It is part of the Chinese national cryptographic standard. Its security is comparable to ECC and is suitable for government, finance, and other scenarios with domestic compliance requirements.

      Note

      Currently, only some brands and types of certificates support the ECC and SM2 algorithms. For more information, see SSL certificate selection.

    • CSR Generation

      A Certificate Signing Request (CSR) is an application file submitted to a CA when you apply for an SSL certificate. It contains your domain name, organization information, and public key. You must securely store the corresponding private key.

      Automatic (recommended)

      Alibaba Cloud automatically creates a CSR and a private key for you. After the certificate is issued, you can directly download the complete file that contains the private key.

      Manual Entry

      You can use tools such as OpenSSL or Keytool to manually generate a CSR and a private key file, which you must store securely. Then, copy the CSR content into the CSR File configuration item. For more information about how to create a CSR and a private key file, see How to create a CSR file.

      Important
      • Securely store your private key. If you lose the private key, the certificate becomes unusable because the key is unrecoverable. You would need to generate a new key pair and request a certificate reissuance.

      • If you apply for a Chinese cryptographic algorithm certificate and select Manual Entry for the CSR, the private key is not stored in Alibaba Cloud. The private key is required to decrypt the obtained certificate. You must contact the party that generated the private key to assist with decryption. This does not apply to Wosign-branded certificates.

      • The encryption algorithm of the CSR must match the Key Algorithm selected above. If you are unsure of the encryption algorithm used by your CSR, you can use the View CSR tool to check it. For more information, see View CSR Details.

      • Certificates issued using this method do not support one-click deployment to other Alibaba Cloud products.

      Select an Existing CSR

      From the CSRs created or uploaded in the Certificate Management Service console, select the CSR that matches the Domains to Bind. For more information about how to create and upload a CSR, see Create a CSR.

    • CSR File

      This parameter is required only when CSR Generation is set to Manual Entry or Select an Existing CSR. Enter the content of your CSR file.

    • Permit for Opening a Bank Account

      This information is required only when applying for a GeoTrust or DigiCert-branded certificate. Upload a clear scanned copy of the company's bank account opening permit.

      Note

      The scanned copy must be in PNG or JPEG format and its size cannot exceed 500 KB.

    • Configuration items specific to CFCA certificates

      • Application Form

        Perform the following steps:

        1. Click Download Template to download the form template to your computer.

        2. Open the form template and edit the content as required.

        3. Print the edited form template and affix the official company seal as required.

        4. Scan the paper form and save it to your computer.

        5. Click Upload File to upload the scanned copy of the paper form from your computer.

      • Lawyer Certificate

        You need to save a scanned copy of the lawyer's certificate to your computer in advance. Then, click Upload File to upload the required scanned copy from your computer.

      • Lawyer's Letter

        Perform the following steps:

        1. Click Download Template to download the lawyer's letter template to your computer.

        2. Open the lawyer's letter template and edit the content as required.

        3. Print the edited lawyer's letter template and attach copies of the lawyer's qualification documents, such as the lawyer's certificate, as required.

        4. Scan the paper lawyer's letter and its attachments, and save them to your computer.

        5. Click Upload File to upload the scanned copies of the paper lawyer's letter and its attachments from your computer.

      • Agent Identity Card or Passport

        You must save a scanned copy of the agent's ID card or passport to your computer in advance. Then, click Upload File to upload the required scanned copy from your computer.

      Note

      The scanned copies of the application form, lawyer's certificate, lawyer's letter, agent's ID card, and agent's passport must be in PNG or JPEG format, and the file size cannot exceed 500 KB.

  5. After confirming the certificate application information, you must complete domain ownership verification.

Scenario 2: Combine multiple certificates

Important

SSL Certificate Management V2.0 does not support certificate combination. As an alternative, when you purchase a certificate, you can select Domain Name. After you enter multiple domain names, the system automatically combines them into a single certificate. For more information about the changes in SSL Certificate Management V2.0, see the release notes.

Certificate combination restrictions

To be combined, certificates must meet all of the following conditions:

  1. Basic requirements:

    • The certificates must be of the same brand and type.

    • The certificate status must be Pending Application.

    • The certificates must not be under certificate management. If a certificate is under certificate management, you must first cancel certificate management for it.

  2. Additional rules for specific brands: Some brands have the following additional restrictions.

    • WoSign: Only DV certificates can be combined.

    • GlobalSign:

      • DV: The primary domain names must be the same. Wildcard domain names and IP addresses are not supported.

      • EV: There are no restrictions on the primary domain name, but wildcard domain names and IP addresses are not supported.

      • OV: There are no restrictions on the primary domain name, and wildcard domain names and IP addresses are supported.

Procedure

Warning

After you combine certificates, you cannot request a refund. If you create the combination from a resource plan, you cannot cancel the application. Proceed with caution.

  1. Log in to the Certificate Management Service console.

  2. In the navigation pane on the left, choose Certificate Management > SSL Certificate Management.

  3. On the Commercial Certificates tab, use the certificate status drop-down list to select Pending Application. Then, find the target certificate and click Combine Certificates in the Actions column.

  4. On the Combine Certificates page, select the certificates to combine with the current certificate, select the confirmation checkbox, and then click Combine Certificates. In the success dialog box, click OK.

  5. Find the combined certificate. In the Actions column, click Apply for Certificate. You can find the combined certificate by its name, which starts with cas-merge.

  6. In the certificate application panel, follow the prompts to set Domains to Bind and fill in other application information. Then, click Submit.

    • The maximum number of domains for a combined certificate is the sum of the maximums for each individual certificate.

    • For details on other certificate application parameters, see Application information.

  7. After you confirm the certificate application information, you must complete domain ownership verification.

Withdraw an application

If you entered an incorrect encryption algorithm or contact, your options for correcting the information depend on the certificate status:

  • If the certificate status is Validating Application, you can Withdraw the application. After withdrawal, resubmit it with the correct information.

  • If the certificate status is Issued, you can only revoke the certificate. If the certificate was issued within the last 28 calendar days and you have not changed the domain name (for example, by adding or replacing a domain name), your certificate quota is returned after revocation. You can then use the quota to reapply for a certificate with the correct information. For more information, see Revoke or delete SSL certificates.

Important

After you first apply for a DigiCert DV, Rapid DV, or personal test certificate, you cannot change the domain name by withdrawing the application or reapplying after revocation. To change the domain name, you must purchase a new certificate.

FAQ

How do I choose a verification method?

The console automatically populates a recommended verification method based on the certificate and domain type in your application. You can also refer to How do I select a domain ownership verification method? to help you choose.

Do certificate applications support Chinese domain names?

Yes. When applying for a certificate for a Chinese domain name, you must convert the domain to Punycode as prompted in the console. You can also use a conversion tool. For more information, see Convert Chinese domain names.

Note

vTrus-branded certificates do not support Chinese domain names.
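
The conversion described above, as an added example (not Alibaba Cloud's code or conversion tool): a Python helper, under the hypothetical name to_punycode, that converts a Chinese domain name to Punycode and rejects names whose converted form exceeds the DNS limits of 63 characters per label and 253 per name. It assumes Python's built-in idna codec, which implements IDNA 2003, and the sample domains are constructed.

```python
import re

MAX_LABEL = 63   # DNS limit per label, counted on the ASCII (Punycode) form
MAX_NAME = 253   # DNS limit for the whole name

# IDNA treats all of these as label separators; U+3002 is the full stop
# that Chinese input methods produce.
_DOTS = re.compile("[.\u3002\uff0e\uff61]")


def to_punycode(domain: str) -> str:
    """Return the ASCII form of `domain` for the Domains to Bind field.

    Raises ValueError if a label is empty, cannot be encoded, or if the
    converted name exceeds the DNS length limits.
    """
    labels = _DOTS.split(domain.strip().lower())
    if labels and labels[-1] == "":      # tolerate one trailing dot
        labels.pop()
    if not labels:
        raise ValueError("empty domain name")
    converted = []
    for label in labels:
        if not label:
            raise ValueError(f"empty label in {domain!r}")
        try:
            # Built-in codec: nameprep plus Punycode, with the xn-- prefix.
            ace = label.encode("idna").decode("ascii")
        except UnicodeError as exc:
            raise ValueError(f"cannot convert label {label!r}: {exc}") from exc
        if len(ace) > MAX_LABEL:
            raise ValueError(f"label {ace!r} exceeds {MAX_LABEL} characters")
        converted.append(ace)
    name = ".".join(converted)
    if len(name) > MAX_NAME:
        raise ValueError(f"name is {len(name)} characters, limit {MAX_NAME}")
    return name


if __name__ == "__main__":
    # Constructed sample inputs; .example is a reserved test TLD.
    for sample in ("\u4e2d\u56fd.example", "www.\u4e2d\u56fd\u3002example"):
        print(sample, "->", to_punycode(sample))
```

The length limits apply to the converted form, so a Chinese label well under 63 characters can still be rejected once it is encoded.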

Modifying contact information

  • If you have not created a contact, click Create Contact in the contact drop-down list while filling out the application.

  • To modify an existing contact, click Edit next to the contact in the drop-down list while filling out the application.

  • You can also manage contacts in the console under Comprehensive Management > Contact Management. For details, see Manage contacts.

Certificate issuance time

After submitting your application, you must complete domain ownership verification with the Certificate Authority (CA). For more information, see Domain ownership verification. After successful verification, a DV certificate is typically issued automatically within 1 to 15 minutes. The average issuance time for an OV or EV certificate is five calendar days. Review and issuance may take longer, depending on the verification details.

Important

Check your phone and email to avoid delays in certificate issuance.

Delayed issuance of Individual Test Certificates

An Individual Test Certificate (Formerly Free Certificate) is not available for domains with restricted suffixes. Examples include .edu, .gov, .org, .jp, .pay, .bank, .live, .nuclear, and .ru. If you apply with a domain name that has one of these suffixes, the verification period may be extended, or the application may be rejected.

Company information for OV and EV certificates

Yes. You can manage the company information used for OV and EV certificates in the console on the Comprehensive Management > Company Profile Management page. For detailed instructions, see Manage company information.

References

If your certificate status is Validating Application and you no longer need the certificate for business reasons, you can apply for a refund within 7 calendar days of payment. For details, see Certificate refund guide.

If you have problems with your application, see FAQ about SSL certificate applications.