SSL Certificate Service

Product Announcement

because Certificate manufacturer policy adjustment The original free 1-year TrustAsia DV SSL single domain name certificate will be issued for a fee of 699 yuan/year/piece from now on.

1、 Issued The certificate of can still be used for free within the validity period. One click free renewal is not supported after expiration.

2. Before the charging policy takes effect, if the certificate order purchased for free or 0 yuan is in the To be reviewed After charging online:

The certificate is approved successfully and issued normally. During the validity period of the certificate, it is still free of charge and occupies the amount of free certificate
If the certificate review fails, the order will be refunded and invalid, and the amount of free certificate will be returned

3. Before the charging policy takes effect, if the certificate order purchased for free or 0 yuan is in the To be completed or Canceled 、 Application failed After charging online:

The order will be refunded and invalid, and the amount of free certificate will be returned

Product Introduction

HTTPS (full name: HyperText Transfer Protocol over Secure Socket Layer), in fact, HTTPS is not a new protocol. Google has started to enable it for a long time, originally to protect data security. In the past two years, Internet giants such as Google, Baidu, Facebook, etc. have coincidentally started to vigorously promote HTTPS, and many large Internet companies at home and abroad have also started to use full site HTTPS, which is also the trend of future Internet development.

To encourage the HTTPS implementation of global websites, Google even adjusted the search engine algorithm to make websites using HTTPS rank higher in the search. Since 2017, Chrome browser has marked websites using HTTP protocol as unsafe websites, and all applications in Apple App Store must also use HTTPS encryption connection; At present, the popular WeChat applet in China also requires the use of HTTPS protocol; The support of the new generation of HTTP/2 protocol needs to be based on HTTPS. Therefore, HTTPS for the whole network must be imperative in the near future.

However, if the website wants to use HTTPS services, it must apply for the relevant SSL certificate from the CA (Certificate Authority) for the domain name. To this end, Youpaiyun provides a one-stop service for SSL certificates, and users can directly take Youpaiyun SSL certificate subscription Platform subscription of various SSL certificates (including free subscription of DV SSL certificates); At the same time, users can also voluntarily choose to deploy the purchased certificates on the Zapai Cloud CDN platform with one click. Because of the platform's global automated management, the best HTTPS acceleration solution is adopted, which can help users enjoy the best services at the lowest cost and complete the conversion of website HTTP to HTTPS.

Terminology

HTTPS

HTTPS (full name: HyperText Transfer Protocol over Secure Socket Layer) is a secure HTTP channel, that is, the secure version of HTTP. The security foundation of HTTPS is SSL/TLS, which provides the methods of authentication and encrypted communication, and is now widely used for security sensitive communication on the World Wide Web, such as transactions and payments.

SSL (Secure Socket Layer)

SSL is developed by Netscape to ensure the security of data transmission on the Internet. Using data encryption technology, it can ensure that data will not be intercepted during transmission on the network. SSL protocol is between TCP/IP protocol and various application layer protocols, providing security support for data communication.

TLS (Transport Layer Security)

The transport layer encryption protocol, formerly the SSL protocol, was renamed TLS after being discussed and standardized by the IETF (The Internet Engineering Task Force) in 1999. So far, there are three versions of TLS 1.0, TLS 1.1 and TLS 1.2. TLS 1.3 will be greatly changed and is still in the stage of release. Currently, TLS 1.1 and TLS 1.2 are the most widely used.

SSL Certificate

An SSL certificate is a server digital certificate that complies with the SSL protocol. It is issued by a trusted digital certificate authority CA after verifying the domain name and server identity. It has the functions of server authentication and data transmission encryption.

CA (Certificate Authority) is the authority responsible for issuing and managing digital certificates, and as a trusted third party in e-commerce transactions, it undertakes the responsibility of verifying the legitimacy of public keys in the public key system.

CSR (Certificate Signing Request)

CSR is a necessary file for making SSL certificates. Usually, it is automatically generated by the CA organization, and users can also create their own. When generating the CSR file, they will also generate a private key (kept by the user). Users only need to submit the CSR file to the CA, and the CA will use its root certificate private key to sign the CSR file to generate the user's certificate.

RSA

RSA public key encryption algorithm was proposed by Ron Rivest, Adi Shamir and Leonard Adleman in 1977. It is the first algorithm that can be used for encryption and digital signature at the same time. Since it was proposed, it has experienced various attacks and can resist most known cryptographic attacks so far. It has been recommended as a public key data encryption standard by ISO

ECC

ECC (Elliptic Curves Cryptography) is also a public key encryption algorithm. Compared with the mainstream RSA algorithm, ECC algorithm can use shorter keys to achieve the same level of security, with higher security and faster processing speed. Its mathematical basis is the computational difficulty of elliptic discrete logarithm on Abel addition group formed by rational points on elliptic curve.

SM2

SM2 is a public key cryptography algorithm standard based on elliptic curve cryptography, including digital signature, key exchange and public key encryption, which was released by the State Encryption Administration on December 17, 2010. SM2 algorithm is used to replace RSA algorithm in our national commercial password system. Its password complexity is high, processing speed is fast, and machine performance consumption is less, which can better meet the application requirements of electronic authentication service system.

Domain name SSL certificate (DV SSL)

That is, the certification authority only checks the domain name owner online, usually to verify the content of a specified file under the domain name, or to verify a TXT record related to the domain name; For example, visit [http | https]://www.domain. com/.../test.txt, the file content: 2016082xxxxxx39w7b20nelfa; Or add a TXT record: www.domain.com –>TXT –>20170xxxxxqmkiby43hpvy8

Enterprise SSL Certificate (OV SSL)

The buyer is required to submit the organization data, unit authorization letter and other officially registered certificates. Before issuing the SSL certificate, the certification authority must not only verify the ownership of the domain name, but also check the authenticity and legality of these data in many ways. Only those that pass the verification can issue the SSL certificate.

Enhanced SSL Certificate (EV SSL)

Like other SSL certificates, they are based on the SSL/TLS security protocol, but the verification process is more specific and detailed, and there are more verification steps, so the website bound to the certificate is more reliable and trusted. It is also obviously different from ordinary SSL certificates. The address bar of the security browser turns green. If it is an untrusted SSL certificate, it will be refused to display. If it is a phishing website, the address bar will turn red to alert users.

Code signing certificate

Code Signing Certificates are used to identify the source of software or code and the true identity of the software developer, and ensure that the software is not tampered with maliciously. The signed software will not pop up a security warning when downloading and installing. Users can effectively identify the credibility of the software, so as to establish a good software brand reputation.

State secret certificate

The national security SSL certificate adopts the SM2 public key algorithm system independently developed by our country, supports the domestic cryptographic algorithm and the national security SSL security protocol, and uses the national security algorithm to achieve high strength SSL encryption connection and server identity authentication, which is suitable for websites that require national security compliance. The national security SSL certificate can meet the localization transformation and national security algorithm compliance requirements of government institutions, public institutions, large state-owned enterprises, financial banks and other industrial customers.

Product Functions

Subscription of SSL certificate

Youpaiyun has provided various DV/OV/EV SSL certificates of DigiCert, GeoTrust, GlobalSign, TrustAsia, sslTrust, Let's Encrypt Subscription service Among them, DigiCert, Let's Encrypt DV SSL single domain name certificates can be applied for free.

Quick Issue

Filling in relevant information and one click subscription are simple and convenient, the process is fully automated, no need for manual assistance, and the subscription cycle is greatly shortened, so that the certificate can be issued quickly.

Self service management

The Youpai Cloud platform not only supports the subscription of the above certificates, but also supports the uploading and management of certificates issued by any organization. All SSL certificates are self managed and monitored in a centralized way, so that users can use them with more confidence and ease.

One click deployment

It provides the function of one click deployment of SSL certificates to Zaopai Cloud CDN products. Users can voluntarily choose to help users protect data security more quickly and complete the conversion of website HTTP to HTTPS.

Product advantages

Apply for SSL certificate for free

Youpaiyun provides two free application schemes for certificates, which users can use SSL certificate subscription Platform, apply for DV SSL certificates of DigiCert and Let's Encrypt for free, and help users deploy HTTPS in the whole station at zero cost. In addition, it also realizes the automatic renewal of Let's Encrypt certificates when they expire, so that users do not need to worry about the expiration time of certificates and reduce maintenance costs.

Cooperation with leading international CA institutions

Also, Paiyun, together with TrustAsia, cooperated with DigiCert, GeoTrust and GlobalSign, the top international digital certificate providers, and launched the subscription of domain name SSL certificate (DV SSL), enterprise SSL certificate (OV SSL) and enhanced SSL certificate (EV SSL).

DigiCert is the world's largest information security service provider. The certificate issued by DigiCert can be supported and trusted by all browsers, which can ensure that the browser gives correct web page security prompts when users visit, and ensure that users' interests are maximized, so that users really feel safe and reliable.

GeoTrust is the world's second largest digital certificate provider, and also a leader in the field of identity authentication and trust authentication. Its advanced technologies enable organizations and companies of all sizes to deploy SSL digital certificates and achieve various identity authentication safely and cheaply.

GlobalSign is a prestigious and trusted CA center and SSL digital certificate provider, which has issued more than 20 million digital certificates in the world; Its professional strength has won the favor of many servers, domain name registrars and system service providers in the Chinese market, and has become its digital certificate service partner.

TrustAsia ® (Asia Integrity) is a brand applied in the field of information security by Asus Information Technology (Shanghai) Co., Ltd., specializing in providing enterprises with all network security services including digital certificates, and is a platinum partner of DigiCert.

SslTrus is a cost-effective domestic brand SSL certificate developed by Ruicheng Information on the basis of the global cutting-edge CA basic services. It provides comprehensive network security solutions for enterprises of different sizes and is popular among domestic small and medium-sized enterprises.

One click certificate application

The user only needs to submit the domain name, fill in the necessary information, and click Apply to complete the purchase of the certificate; For free certificates, the system will automatically deploy the certificates on the CDN platform; For paid certificates, users can deploy the certificates on the CDN platform with one click as required; Both can be perfectly integrated with Youpai Cloud CDN products to realize the whole site HTTPS acceleration service.

Easy to use and manage

Whether the user uploads his own certificate or applies for various certificates through Apsara Cloud, they can be downloaded from the SSL Certificate Service The unified management in the makes it convenient for users to perform various operations on certificates, and there is no need for human assistance throughout the process. The public key and private key are more secure, so that users can feel relieved and relieved, and at the same time, users' work efficiency is improved.

Improve website search ranking

Google pointed out in its official blog released in 2014 that its search engine algorithm has been adjusted, and websites using HTTPS encryption will rank higher in search results. Its goal is very simple. It is to encourage global websites to adopt HTTPS with higher security to ensure the safety of visitors. Therefore, the website adopts HTTPS protocol, which can attract more users to visit, enhance the value of the website, and increase revenue.

Use Scenarios

After users purchase an SSL certificate from Zaiyun, this SSL certificate enables the website to complete the conversion from HTTP to HTTPS. Because HTTPS uses SSL/TLS encryption layer, it can ensure more secure and reliable subsequent transmission of website data, prevent traffic hijacking, impersonation, phishing, etc.

If users have purchased the CDN service of Youpaiyun at the same time, they can also choose to deploy the SSL certificate in the CDN acceleration product. While realizing the website HTTPS, they can also enjoy the high-quality HTTPS acceleration solution of Youpaiyun.

Version iteration

V1.0

On December 21, 2016, let's encrypt DV SSL single domain name certificate free application service was launched. HTTPS configuration items were added in CDN whole network and live broadcast acceleration configuration

V1.1

On February 7, 2017, the free application service for TrustAsia DV SSL single domain name certificate (issued by DigiCert) was launched

V2.0

On March 30, 2017, DigiCert, GeoTrust and TrustAsia launched various paid DV SSL, OV SSL and EV SSL certificate subscription services

V2.1

On February 14, 2020, GlobalSign brand OV SSL, EV SSL certificate subscription services will be launched online

Buying Guide

Purchase process

The process of purchasing SSL certificates through Zapaiyun is more simple and convenient:

Price overview

Price list:

explain:

1、 Single domain name and universal domain name certificates only involve one domain name, so the unit price is the price in the above table;

2、 For the enhanced EV SSL certificate, there is only a multi domain name certificate, and there is no multi domain name pan domain name certificate;

3、 The price of multi domain name certificate and multi domain name pan domain name certificate is calculated as follows:

DigiCert brand

Calculation formula (take one-year validity certificate as an example):

 Assumptions: 1-year standard domain name price=A; Number of standard domain names=B 1-year universal domain name price=C; Number of universal domain names=D Price of 1-year standard domain name professional edition=E Price of 1-year Pan domain Professional Edition=F Then: Multi domain name certificate price=A * B Multi domain professional certificate price=E * B Multi domain universal domain name certificate price=A * B+C * D Multi domain universal domain professional certificate price=E * B+F * D

Geotrust, TrustAsia brands

By default, 5 standard domain names are supported (the default domain name does not include the universal domain name), and the calculation formula (take the one-year validity certificate as an example):

 Assumptions: 1-year standard domain name price=A; Number of standard domain names=B 1-year universal domain name price=C; Number of universal domain names=D Additional price of 1-year standard domain name=E Then: Multi domain name certificate price=A+E * (B - 5) If B - 5<0, it will be calculated as 0 Multi domain universal domain name certificate price=A+E * (B-5)+C * D If B-5<0, it is calculated as 0

Refund service

condition

If the SSL certificate has been successfully issued by CA, it cannot be refunded; Refunds are not supported for free applied domain name (DV SSL) certificates; The subscribed SSL certificate can be refunded for free before the information is submitted for review or after the subscription fails;

technological process

Currently, refund application is only supported by submitting a work order.

certificate revocation

If the user finds that the private key of the SSL certificate is leaked due to the attack of the origin server or other reasons, he can choose to revoke the certificate; After the certificate is revoked, all browsers and clients will no longer trust the revoked certificate, and an unsafe reminder will appear. For example here 。

Currently, certificate revocation applications are only supported by submitting work orders.

quick get start

Also, Paiyun, together with TrustAsia, has reached strategic cooperation with DigiCert, GeoTrust and GlobalSign, and launched the subscription of various domain name DV SSL, enterprise OV SSL and enhanced EV SSL certificates;

Youpaiyun has also cooperated with international certificate providers Let's Encrypt and DigiCert to provide users with a DV SSL certificate application for free. When the certificate expires, it will be automatically renewed. The operation is simple and convenient. The certificate application and deployment can be completed with one click. Users can make multiple choices according to their own conditions to meet the needs of different scenarios.

The detailed operation steps are as follows:

Subscription of payment certificate

Step 1: register Take another cloud account and complete it Real name authentication ；

Step 2: Enter SSL certificate service, toolbox ->SSL certificate service ->purchase certificate;

Step 3: click the Subscription certificate , as shown in the figure below, select the certificate brand, and select the type and validity of the certificate to be purchased;

Step 4: check the subscription information;

Step 5: Confirm payment;

In order to prevent malicious operations, Zaiyun provides a payment verification function. When paying, a verification code will be sent to register The mobile phone number used when taking the cloud account again.

Step 6: After the payment is completed, the order enters Purchase List , at To be completed Status,

Step 7: Click completion Button, fill in domain name, company, contact person and other information,

Note: When applying for multi domain name certificate and multi domain name pan domain name certificate, the main domain name can only fill in the standard domain name.

Step 8: After completing the information, click Submit to verify the information.

stay Certificate subscription Interface, click Application result Find the corresponding subscription record and click see Get the relevant domain name verification information. Please refer to here

(1) If DV SSL certificate is applied

After adding the domain name verification information, the subscription will enter the CA organization information review and verification status, which generally takes 1 working day

(2) If OV or EV SSL certificate is applied

After adding the domain name verification information, the enterprise organization verification is also required, and CA organization staff may pass Enterprise official telephone Contact you. If the phone cannot be answered normally, contact the customer manager to submit Information Confirmation Letter To verify. After the verification is completed, the subscription will enter the CA organization's information review and verification status, which generally takes 3-5 working days

Step 9: View the application result, toolbox ->SSL certificate service ->purchase certificate;

click Application result To view the application status, click cancel Button to modify the subscription information or stop the subscription.

If the status is displayed as Issued , it indicates that the certificate has been successfully purchased, and can be carried out at this time download 、 Deploy to CDN And so on.

download You can select the corresponding file format according to your server type, and batch download is supported. The national security certificate and self generated csr file can only be downloaded in the default format.

If you choose to change the certificate Deploy to CDN , you can enter Certificate Management Interface, perform Configuration Action 。

Subscription of two-year automatic renewal certificate

At present, the validity of SSL certificates issued by global CA institutions will not exceed 13 months. In order to facilitate the use of customers, Paiyun has launched a two-year automatic renewal certificate.

1. Definition

Two year automatic renewal certificate: It consists of two one-year certificates. That is, when the first one-year certificate is about to expire (25 days remaining), Paiyun will automatically help customers renew the second one-year certificate.

2. Special, special, special attention

When the second annual validity certificate is successfully renewed, you will receive SMS and email reminders. At this time, you must log in to the cloud console and download the new certificate, and then replace the old certificate of the first year in other related places. Otherwise, when the certificate of the first year expires, it will affect business use.

3. Subscription process

The purchase process is the same as the above payment certificate application process, but the difference is that the 2-year automatic renewal certificate will generate two orders: 1) When the purchase application is made, the order corresponding to the certificate with the validity of the first year will be generated first: the first year order. 2) When the validity certificate of the first year is about to expire (25 days remaining), Payun will automatically renew the order to generate the second annual validity certificate: the order of the next year.

2-year certificate chart

Subscription of code signature certificate

Code Signing Certificates: used to identify the source of software or code and the true identity of the software developer, and to ensure that the software is not tampered with maliciously. The signed software will not pop up a security warning when downloading and installing. Users can effectively identify the credibility of the software, so as to establish a good software brand reputation.

Another auction has supported two types of code signing certificates: Microsoft Standard Code Signing Certificate and Microsoft Enhanced EV Code Signing Certificate.

Type I: Microsoft Standard Code Signing Certificate

introduce For developers and software vendors of Windows applications, using Microsoft code signing certificates can reduce the error messages of applications and improve your credibility. Software manufacturers and individual developers can digitally sign and stamp the software they distribute through the Internet. This digital signature ensures that the end user knows that the software is legal, comes from well-known software manufacturers, and that the program code word has not been tampered with since its release

characteristic Providing standard level authentication requires shorter processing time and lower cost. It cannot be used for LSA and UEFI file signatures. It cannot be used for kernel mode drivers

Effect display enter image description here

Type 2: Microsoft Enhanced EV Code Signing Certificate

introduce On SmartScreen ® Reputation is quickly and automatically established in the filter to avoid warning messages and increase user trust; Support Windows 10 kernel driver signature, and also compatible with Windows Mobile, standard code, kernel signature, Office signature VBA signature; SmartScreen above Windows 8 and IE 9 ® Quickly and automatically establish reputation in the filter.

characteristic Providing the highest level of authentication requires a long processing time and high cost. The kernel mode driver signature service required by LSA and UEFI file signature services can be used for signing in all scenarios

Effect display enter image description here

Comparison of two types of certificates

	Microsoft Standard Code Signing Certificate	Microsoft EV Code Signing Certificate
UEFI Firmware Signature	support	no
WHQL Logo Certification	support	no
SmartScreen security certification	support	no
Microsoft Driver Submission	support	no
Private key hardware protection	support	no
LSA plug-in signature	support	no
Microsoft Code Signature	support	support
Office&VBA code signature	support	support
Android code signature	support	support
Java code signature	support	support
Adobe AIR code signature	support	support

Subscription of code signature certificate Its subscription method and paid SSL certificate apply for the purchase Same way

Subscription of national security certificate

Because the national security algorithm is not widely compatible with all mainstream browsers, the current compatible national security browsers are 360 browser, confidential message browser, Honglianhua browser, and other mainstream browsers that only support international algorithms, such as Chrome, will report an error on the national security SSL certificate.

At present, we have already launched two types of national security certificates, namely, DV and OV, which can issue single domain, multi domain, pan domain and multi domain pan domain.

Subscription of national security certificate Its subscription method and paid SSL certificate apply for the purchase Same way

Note: The CSR file of the national security certificate only supports pasting CSR online generation tool Build. Currently, the national security certificate does not support one click deployment and CDN and other cloud products, but it supports downloading the certificate and then uploading and deploying it in the form of its own certificate.

Subscription of free certificates

The first one, two, three, four, five and six steps are consistent with the purchase steps of the payment certificate;

Step 7: On the CDN platform Create Service , and bind the domain name for which the certificate is required;

Step 8: Go to the service provider where the domain name is located to modify CNAME record , if the CNAME record is not modified, the certificate application will fail;

Step 9: Enter SSL certificate service, toolbox ->SSL certificate service ->purchase certificate;

stay Subscription certificate Interface, click Purchase List Find the corresponding subscription record and click completion

Step 10: Fill in the domain name

The domain name filled in here must be the domain name that has been filed and has completed the operations in steps 7 and 8 above;

Step 11: Verify domain name ownership

Step 12: Submit the application, wait for CA organization to review and issue the certificate

stay Application result , if the application status is displayed as Issued , it indicates that the certificate has been successfully subscribed

Step 13: After the certificate application is successful, the system will automatically deploy the certificate to the Zappos Cloud CDN platform and bind it to the corresponding domain name, without manual operation. Simultaneously accessible Certificate Management Interface, perform Configuration Action ；

DV SSL certificate verification

When the purchased certificate is a TrustAsia DV SSL single domain name (only the domain name and main domain name beginning with www, such as www.upyun.com upyun.com ）, multiple domain names, and universal domain name certificates require domain name ownership verification in the following ways.

1. DNS authentication

Modify DNS of domain name, add CNAME record , and then CA will resolve the domain name CNAME record To verify domain name ownership

Take Alibaba Cloud for example, CNAME record The method to add is as follows:

2. File verification

On the origin server, create directories and files related to the domain name, and then CA verifies the ownership of the domain name by accessing the relevant files and reading the file contents

give an example:

If the domain name is www.upyun.com , the CA authority's address for authentication access is: http| https://www.upyun.com/.well-known/pki-validation/fileauth ；

If the domain name is universal *.upyun.com , the CA authority's address for authentication access is: http| https://upyun.com/.well-known/pki-validation/fileauth 。

fileauth The content in the file is: 201703212055513616t9uk2pok3zmu2b7m3nc4c8mkudogfpvyj2w2gebhkypy58

be careful:

CA organization support http or https To access the authentication link, but do not support any form of jump, the origin server needs to directly respond to the 200 status code and file content.

If the window system does not support creation /.well-known Directory, you can create it through the command line: mkdir .well-known

3. Audit verification

Whether adding CNAME record , or increase Verification file After both operations are completed, the subscription will enter the CA organization information audit and verification status, which generally takes 1 working day. After the certificate is issued successfully, the above two records can be deleted.

Let's Encrypt universal domain name certificate verification

You need to configure CNAME for the universal domain name of the certificate application. The specific steps are as follows:

1. Get CNAME address

Enter the console, select SSL certificate service, find the order corresponding to the domain name in the certificate purchase application result interface, and click View, as shown in the figure:

2. Modify CNAME record

Log in to the DNS service provider website of the domain name and modify the CNAME record. For specific configuration methods, see the following link:

DNSPod Configure CNAME

New network configuration CNAME

CNAME configuration

Special note: After adding the CNAME configuration, please keep it and do not delete it. Otherwise, certificate renewal will fail.

3. Verify whether the CNAME configuration is effective

Since DNS resolution records have cache time, the effective time of CNAME is generally 600s. You can check whether the CNAME configuration is effective through the acceleration domain name configured by dig. If the suffix is le.aicdn5.com, it indicates that the CNAME configuration is effective. As shown in the figure below:

matters needing attention

1. The domain name for applying for free DigiCert, Let's Encrypt DV SSL certificates must be filed and already on the cloud CDN platform Created service , and bind this domain name.

2. When applying for a TrustAsia DV SSL certificate, the domain name will pass the security audit of DigiCert CA. If the audit fails, the reasons are as follows:

The application for DV SSL certificate does not need manual intervention. It is automatically authenticated and quickly issued by the CA organization server. Therefore, some CA organizations will use stricter sensitive words to strengthen the audit standards according to their anti phishing mechanism. For example, the domain name contains bank, trust, etc., which will cause the domain name audit failure. The definition of sensitive words is defined by the CA organization itself.

Please change another domain name to apply.

3. Before applying for the free Let's Encrypt DV SSL certificate, the customer needs to complete all domains of the domain name CNAME Go to the cloud platform again, or the certificate application may fail.

4. If the purchase of the free DV SSL certificate fails, in addition to the failure caused by CNAME, in other cases of failure (except for the failure of the security audit), you can try to resubmit the application for many times. If the application fails for many times, you can submit a work order for help.

5. Currently, domain name applications with underscores (_) are not supported.

6. Compatibility of various SSL certificates of DigiCert, GeoTrust, GlobalSign, TrustAsia and sslTrust:

The encryption algorithm supports all major operating systems and browsers on the market for RSA certificates

The encryption algorithm is ECDSA, and the certificate compatibility is as follows:

 operating system Windows>=Vista MacOS>=10.6 IOS>=7 Android>=4.0 browser IE>=7 Firefox>=2.0 Chrome>=1.0 Safari>=4

7. Let's Encrypt DV SSL certificate compatibility list is as follows:

 Mozilla Firefox >= v2.0 Google Chrome Internet Explorer on Windows XP SP3 and higher Microsoft Edge Android OS >= v2.3.6 Safari >= v4.0 on macOS Safari on iOS >= v3.1 Debian Linux >= v6 Ubuntu Linux >= v12.04 NSS Library >= v3.11.9 Amazon FireOS (Silk Browser) Cyanogen > v10 Jolla Sailfish OS > v1.1.2.16 Kindle > v3.4.1 Java 7 >= 7u111 Java 8 >= 8u101

For more compatibility information, refer to here

8. Let's Encrypt DV SSL certificate. On the premise of ensuring that the domain name CNAME is resolved to the remake CDN platform, the certificate will be automatically renewed after expiration. There is no need to worry about certificate expiration.

DigiCert DV SSL certificate (valid for one year) Certificate Management You can view the expiration time of the certificate in. When the certificate is about to expire, users can still apply for another extension for free.

9. For all kinds of SSL certificates of DigiCert, GeoTrust, TrustAsia, the main domain name such as upyun.com has successfully applied for a certificate, then www.upyun.com has been added to this certificate by default, that is, www.upyun.com can directly use this certificate without repeated application; Similarly, the main domain name upyun.com can also be used with the certificate applied for by www.upyun.com (the above is only effective for the main domain name, for example, the certificate applied for by the domain name abc.upyun.com cannot be used and needs to be reapplied).

Note: Another Let's Encrypt DV SSL certificate, the main domain name upyun.com and www.upyun.com cannot share one certificate, so they need to apply separately.

Is this article helpful?

Yes No