DocsICP FilingConsole
官方文档
首页

Differences between SSL Certificate Management V2.0 and V1.0

更新时间:
复制 MD 格式
产品详情
我的收藏

SSL Certificate Management V2.0 replaces V1.0 with a subscription model, updated console navigation, shorter certificate validity periods per CA/B Forum policy, and automated hosting for continuous coverage.

Important

Per CA/B Forum policy, SSL/TLS certificate validity periods will continue to shorten. Alibaba Cloud adjusts validity periods starting February 25, 2026. For more information, see Validity period change summary.

Version change summary

As of February 14, 2026, Alibaba Cloud SSL Certificate Management has fully migrated to V2.0.

SSL Certificate Management V2.0 uses a subscription model. After purchase, the system automatically creates a Subscription Instance. Subscription duration and certificate count are decoupled. Each certificate's validity follows the issuing brand's policy. Alibaba Cloud issues consecutive certificates as needed, linked by the hosting service for continuous coverage.

Console menu changes

In the console, the left pane under Certificate Management shows one of these menus:

Console menu

Description

SSL Certificate Management V2.0

SSL Certificate Management (V1.0 — new purchases disabled)

Upgraded to V2.0. Both V1.0 and V2.0 entry points appear to support existing certificates. New purchases are available only through V2.0.

SSL Certificate Management V2.0

Upgraded to V2.0 with no V1.0 certificates. Only the V2.0 menu appears.

Feature changes by version

Feature

SSL Certificate Management (V1.0 — new purchases disabled)

SSL Certificate Management V2.0

Purchase certificates

No longer available. Go to SSL Certificate Management V2.0.

Individual Test Certificate (Pro) subscription duration is now 6 months. One-year subscriptions are no longer available.

Purchase configuration changes:

  • Removed Certificate-related Information and Advanced Settings (message reminders).

  • Added an Automated Management option (free). Before expiration, the system auto-applies for the next certificate, consuming one hosting quota. Low quotas trigger automatic purchases. Hosting fails if the account balance is insufficient.

  • When purchasing by domain name, the Combine Certificates for Issuance option. If you enter multiple domain names, they are merged into a single certificate instance.

Create certificates

Available with remaining V1.0 quotas.

Not supported. After purchase, the system automatically creates a Subscription Instance.

Request certificates

Supported.

Request configuration changes:

  • Added an Auto-managed Certificate option (optional, can be disabled from the certificate list).

  • Removed Advanced Settings (message reminders). Reminders are now enabled by default. To adjust, go to Certificate and Domain Application Services > Notification.

Merge certificate requests

Supported for pending V1.0 requests.

Not supported.

Deploy certificates

Available for issued V1.0 certificates.

Certificates requested and issued in SSL Certificate Management V2.0 can be downloaded and deployed.

Message reminders

Configurable per certificate.

Enabled by default. To adjust after purchase, go to Certificate and Domain Application Services > Notification.

Upgrade certificates

Supported for V1.0 Individual Test Certificate (Formerly Free Certificate) certificates. They can be upgraded to Individual Test Certificate (Pro).

Not supported. Instead, purchase a Individual Test Certificate (Pro).

Renew certificates

Supported for V1.0 Individual Test Certificate (Pro) or Commercial Certificates certificates.

Not supported after expiration. May be available in future updates.

Append or replace domain names

Supported for issued V1.0 certificates.

Not supported. May be available in future updates.

API

V1.0 certificates continue to use the original APIs.

Operations on SSL Certificate Management V2.0 certificates require the subscription instance APIs.

Validity period change summary

The CA/B Forum mandates progressively shorter certificate validity periods:

  • Starting March 15, 2026: The maximum TLS certificate validity period is 200 days.

  • Starting March 15, 2027: The maximum TLS certificate validity period is 100 days.

  • Starting March 15, 2029: The maximum TLS certificate validity period is 47 days.

Execution timelines vary by certificate brand.

Important

  • Shorter validity periods mean more frequent replacements. Track expiration dates and update certificates promptly to avoid service disruptions.

  • Certificates that use the SM2 algorithm still have a 1-year validity period. This rule does not apply to them.

Existing V1.0 certificates

Starting February 25, 2026, the renewal option for V1.0 certificates becomes available 15 days before expiration. Certificates with more than 15 days remaining cannot be renewed.

Note

  • If V1.0 quotas remain, the system uses them first. Renewed certificates appear in SSL Certificate Management (V1.0 — new purchases disabled).

  • If no V1.0 quotas remain, renewal is charged. Renewed certificates appear in SSL Certificate Management V2.0.

  • After renewal, manually apply for the first certificate. With Automatic Hosting enabled, the system handles application, issuance, and deployment of subsequent certificates.

Type/brand

Details

Individual Test Certificate (Pro)

  • Issued before February 25, 2026 Individual Test Certificate (Pro):

    • Certificate validity: Each certificate remains valid for 1 year.

    • Certificate count: Each certificate quota generates 1 Issued certificate.

    • Expiration reminder: The system sends an expiration reminder 15 days before each certificate expires.

    • Automated management: If Auto-managed Certificate is enabled, the system automatically initiates an application for the next certificate 15 days before expiration. If automatic submission conditions are not met, apply manually.

  • Issued on or after February 25, 2026 Individual Test Certificate (Pro):

    • Certificate validity: Each certificate validity period changes to 6 months.

    • Certificate count: Each certificate quota generates 1 Issued certificate valid for 6 months and 1 Not Activated certificate, with Auto-managed Certificate service automatically enabled at no additional charge. No Auto-managed Certificate service fee is charged (only for these two certificates under this quota).

    • Expiration reminders: The system sends expiration reminders 15 days before each certificate expires.

    • Automated management: If Auto-managed Certificate is enabled, the system automatically applies for the next certificate 15 days before expiration. If automatic submission fails, submit manually.

  • DigiCert

  • DigiCert Pro

  • Rapid

  • GeoTrust

  • Issued before February 25, 2026 Commercial Certificates:

    • Certificate validity: Each certificate remains valid for 1 year.

    • Certificate count: Each certificate quota generates 1 Issued certificate.

    • Expiration reminder: The system sends an expiration reminder 15 days before each certificate expires.

    • Automated management: If Auto-managed Certificate is enabled, the system automatically initiates an application for the next certificate 15 days before expiration. If automatic submission conditions are not met, apply manually.

  • Issued on or after February 25, 2026 Commercial Certificates follow these rules:

    • Certificate validity: Each certificate validity period changes to 6 months.

    • Certificate count:

      • One-year SSL certificate: Each certificate quota generates 1 Issued certificate valid for 6 months and 1 Not Activated certificate, with Auto-managed Certificate service automatically enabled at no additional charge. No Auto-managed Certificate service fee is charged (only for these two certificates under this quota).

      • Multi-year SSL certificates: Each quota generates multiple certificates, each following the brand's validity policy at issuance. Enough hosting instances are included to cover replacements during your subscription (limited to this quota).

    • Expiration reminders: The system sends expiration reminders 15 days before each certificate expires.

    • Automated management: If Auto-managed Certificate is enabled, the system automatically applies for the next certificate 15 days before expiration. If automatic submission fails, submit manually.

    • Existing pending requests: Certificates requested but not yet issued before February 25, 2026 will be resubmitted under the new validity period policy.

  • GlobalSign

  • vTrus

  • CFCA

  • Wosign

  • Issued before March 15, 2026 Commercial Certificates:

    • Certificate validity: Each certificate remains valid for 1 year.

    • Certificate count: Each certificate quota generates 1 Issued certificate.

    • Expiration reminder: The system sends an expiration reminder 15 days before each certificate expires.

    • Automated management: If Auto-managed Certificate is enabled, the system automatically initiates an application for the next certificate 15 days before expiration. If automatic submission conditions are not met, apply manually.

  • Issued on or after March 15, 2026 Commercial Certificates:

    • Certificate validity: Each certificate validity period changes to 6 months.

    • Certificate count:

      • One-year SSL certificate: Each certificate quota generates 1 Issued certificate valid for 6 months and 1 Not Activated certificate, with Auto-managed Certificate service automatically enabled at no additional charge. No Auto-managed Certificate service fee is charged (only for these two certificates under this quota).

      • Multi-year SSL certificates: Each quota generates multiple certificates, each following the brand's validity policy at issuance. Enough hosting instances are included to cover replacements during your subscription (limited to this quota).

    • Expiration reminders: The system sends expiration reminders 15 days before each certificate expires.

    • Automated management: If Auto-managed Certificate is enabled, the system automatically applies for the next certificate 15 days before expiration. If automatic submission fails, submit manually.

    • Existing pending requests: Certificates requested but not yet issued before March 15, 2026 will be resubmitted under the new validity period policy.

V2.0 validity period adjustments

Type/brand

Details

Individual Test Certificate (Pro)

  • Issued before February 25, 2026 Individual Test Certificate (Pro):

    • Certificate validity: Each certificate remains valid for 1 year.

    • Certificate count: Each certificate quota generates 1 Issued certificate.

    • Expiration reminder: The system sends an expiration reminder 15 days before each certificate expires.

    • Automated management: If Auto-managed Certificate is enabled, the system automatically initiates an application for the next certificate 15 days before expiration. If automatic submission conditions are not met, apply manually.

  • Issued on or after February 25, 2026 Individual Test Certificate (Pro):

    • Certificate validity: Each certificate validity period changes to 6 months.

    • Certificate count: Each certificate quota generates 1 Issued certificate valid for 6 months and 1 Not Activated certificate, with Auto-managed Certificate service automatically enabled at no additional charge. No Auto-managed Certificate service fee is charged (only for these two certificates under this quota).

    • Expiration reminders: The system sends expiration reminders 15 days before each certificate expires.

    • Automated management: If Auto-managed Certificate is enabled, the system automatically applies for the next certificate 15 days before expiration. If automatic submission fails, submit manually.

  • DigiCert

  • DigiCert Pro

  • Rapid

  • GeoTrust

  • Issued before February 25, 2026 Commercial Certificates:

    • Certificate validity: Each certificate remains valid for 1 year.

    • Certificate count: Subscription duration and certificate count are decoupled. Each certificate's validity follows the brand's policy at issuance. Alibaba Cloud issues multiple certificates as needed to cover your subscription.

    • Expiration reminder: The system sends an expiration reminder 15 days before each certificate expires.

    • Automated management: If Auto-managed Certificate is enabled, the system automatically initiates an application for the next certificate 15 days before expiration. If automatic submission conditions are not met, apply manually.

  • Issued on or after February 25, 2026 Commercial Certificates:

    • Certificate validity:

      • Subscription duration of 6 months: Each certificate validity period changes to 6 months.

      • Subscription duration longer than 6 months: Maximum validity per certificate is 199 days.

    • Certificate count: Subscription duration and certificate count are decoupled. Each certificate's validity follows the brand's policy at issuance. Alibaba Cloud issues multiple certificates as needed to cover your subscription.

    • Expiration reminders: The system sends expiration reminders 15 days before each certificate expires.

    • Automated management: If your subscription duration exceeds 6 months and Auto-managed Certificate is enabled, the system auto-applies for the next certificate 15 days before expiration. If automatic submission fails, submit manually.

    • Existing pending requests: Certificates requested but not yet issued before February 25, 2026 will be resubmitted under the new validity period policy.

  • GlobalSign

  • vTrus

  • CFCA

  • Wosign

  • Issued before March 15, 2026 Commercial Certificates:

    • Certificate validity: Each certificate remains valid for 1 year.

    • Certificate count: Subscription duration and certificate count are decoupled. Each certificate's validity follows the brand's policy at issuance. Alibaba Cloud issues multiple certificates as needed to cover your subscription.

    • Expiration reminder: The system sends an expiration reminder 15 days before each certificate expires.

    • Automated management: If Auto-managed Certificate is enabled, the system automatically initiates an application for the next certificate 15 days before expiration. If automatic submission conditions are not met, apply manually.

  • Issued on or after March 15, 2026 Commercial Certificates:

    • Certificate validity:

      • Subscription duration of 6 months: Each certificate validity period changes to 6 months.

      • Subscription duration longer than 6 months: Maximum validity per certificate is 199 days.

    • Certificate count: Subscription duration and certificate count are decoupled. Each certificate's validity follows the brand's policy at issuance. Alibaba Cloud issues multiple certificates as needed to cover your subscription.

    • Expiration reminders: The system sends expiration reminders 15 days before each certificate expires.

    • Automated management: If your subscription duration exceeds 6 months and Auto-managed Certificate is enabled, the system auto-applies for the next certificate 15 days before expiration. If automatic submission fails, submit manually.

    • Existing pending requests:

      Certificates requested but not yet issued before March 15, 2026 will be resubmitted under the new validity period policy.
Previous:SSL certificate managementNext:SSL Certificates Service V2.0