How to Apply for a Free Alibaba Cloud DV SSL Certificate

aliyun free ssl certificatesymantec dv sslhow to apply ssl certificatedomain validation ssldeploy ssl certificate nginx

Published·Oct 22, 2016Modified·Jun 21, 2017

Alibaba Cloud has offered free DV SSL certificates for some time. Previously, they partnered with WoTong, but after Mozilla took action to revoke all certificates issued by WoTong and StartSSL within the year, WoTong closed its free SSL application service, and partners followed suit. However, Alibaba quickly resumed cooperation with Tianwei Trust to launch Symantec's free SSL certificates.

wotong203637

Start Application

First, log in to your Alibaba Cloud account and open the application page: Cloud Shield Certificate Service. Select the options below and click "Buy Now" to complete the checkout.

Brand: Symantec
Certificate Type: Free DV SSL
Protection Type: 1 Domain
Number of Domains: 1

buyfreessl

Fill in Information

After successful purchase, go to the Alibaba Cloud backend -> CA Certificate Service -> Find the pending order to complete the details.

ca_205242

buquan_205327

tianxie_211654

Fill in your domain name

Next, fill in your personal information. Pay attention to the domain verification type: if your domain does not have a website yet, choose DNS verification; if the website is already built, you can choose file verification.

geren

The final step is generating the CSR file. If you are not familiar with this, it is recommended to choose system generation. Once the CSR is created, submit it for review.

csr

Verification

After submission, the status will change to "Under Review." You will receive an email from Tianwei Trust requiring you to add a CNAME record for your domain. For example, you might be asked to point osn4nn4txpm6q2ki35pvchuq2na3yel.xiaoz.top to s20161021220646.xiaoz.top.

youjian

You need to go to your domain registrar to configure the resolution. Enter the host name as osn4nn4txpm6q2ki35pvchuq2na3yel, select the type as CNAME, and enter the value as s20161021220646.xiaoz.top. Then wait for the resolution to take effect. Note: This step uses www.xiaoz.top as a demonstration; please check your email for the specific host name and value.

Be sure to double-check your resolution records. If the value is entered incorrectly, the process will fail. You can try resubmitting and adding a new resolution record.

Download and Deploy Certificate

If you have correctly added the resolution, the certificate should be issued within a few minutes. You can download the certificate for your specific server type from the backend. If you use Nginx as your web server, refer to: How to Deploy SSL Certificates with Nginx.

xiazai221418

Summary

Due to Mozilla potentially revoking some certificates issued by WoTong and StartSSL within the year, applying for StartSSL free certificates is no longer recommended (WoTong has already closed free applications). Other free certificates are not significantly different, but Alibaba Cloud allows you to submit your own CSR and revoke certificates (features not supported by Tencent Cloud).