---
Title: Apply certificate
URL Source: https://company-skill.com/p/cas/cas-apply-certificate
Language: en
Description: You want to obtain a trusted SSL/TLS certificate from Alibaba Cloud’s Certificate Management Service (CAS), either for securing a website, API, or application. This involves submitting a certificate…
---

# Apply certificate

Part of **Certificate Management Service (CAS)**. Route queries via `POST https://company-skill.com/api/route`.

## What You Want to Do

You want to obtain a trusted SSL/TLS certificate from Alibaba Cloud’s Certificate Management Service (CAS), either for securing a website, API, or application. This involves submitting a certificate signing request (CSR) or using a guided interface, followed by domain validation.

**Typical User Questions**:
- How do I request a new SSL certificate?
- Can I apply for a public certificate via API?

## Decision Tree

Pick the best path for your situation:

- **If** you need to integrate certificate issuance into CI/CD or automate renewal → Use APICSR (go to *cas/cas-certificate*)
- **If** you are applying for a single certificate and prefer a graphical interface with no code → Use SSL (go to *cas/cas-certificate*)
- **If** you already have a CSR file with RSA ≥2048-bit or ECC key → Use APICSR
- **Otherwise (default)** → SSL — it’s simpler for one-off requests and includes built-in guidance like **Quick Apply** and **Standard Apply**

## Path Comparison

| Path | Best For | Complexity | Code Required | Automation | Key Fact | Detail Skill |
|------|----------|------------|---------------|------------|----------|-------------|
| APICSR | CI/CD | medium | Yes | Yes | Requires Bearer Token auth and RAM permission `yundun-cert:CreateCertificateWithCsrRequest` | `cas/api/cas-certificate` |
| SSL | | low | No | No | Offers **Quick Apply** and **Standard Apply** wizards in web UI | `cas/guide/cas-certificate` |

## Path Details

### Path 1: APICSR

**Best For**: CI/CD

**Brief Description**: Use Certificate Management Service OpenAPI to programmatically submit SSL/TLS certificate applications with a custom CSR. This method supports automation and integrates with scripts or deployment pipelines. Key operations require **CSR** files and authentication via **Bearer Token**.

**Key technical facts**:
- Billing: API100-1000/digicert-free-1-free3-12
- Auth method: Bearer Token. Header: `Authorization: Bearer $DASHSCOPE_API_KEY`
- Regions available: cn-hangzhou, cn-shanghai, cn-beijing, ap-southeast-1, eu-central-1
- Prerequisites: RAM permission `yundun-cert:CreateCertificateWithCsrRequest`; `DASHSCOPE_API_KEY`; DV DNS

**Known Limitations**:
- API: 10 QPS
- `CreateCertificateWithCsrRequest` requires a CSR with an RSA (≥2048-bit) or ECC key
- digicert-free-1-free3
- DNS TXT
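
An added example, not part of the CAS documentation: a shell pre-flight for the API path that generates a key and CSR with `openssl` and rejects any CSR that does not meet the RSA ≥2048-bit or ECC key requirement this page gives for the API path. The function names `new_csr` and `check_csr` and the `example.com` domain are assumptions made for illustration; nothing is submitted to the API.

```shell
#!/usr/bin/env bash
# Added example: create a CSR and check it against the page's key requirement
# (RSA >= 2048-bit or ECC) before it is submitted. Function names are hypothetical.

# new_csr DOMAIN KEYSPEC OUTDIR   (KEYSPEC: "ec" for P-256, or "rsa:<bits>")
# Writes OUTDIR/DOMAIN.key and OUTDIR/DOMAIN.csr.
new_csr() {
    local domain="$1" keyspec="$2" outdir="$3"
    local key="$outdir/$domain.key"
    (
        umask 077   # keep the private key unreadable to group and others
        case $keyspec in
            ec)    openssl ecparam -name prime256v1 -genkey -noout -out "$key" ;;
            rsa:*) openssl genrsa -out "$key" "${keyspec#rsa:}" 2>/dev/null ;;
            *)     exit 2 ;;
        esac
    ) || return 1
    openssl req -new -key "$key" -subj "/CN=$domain" -out "$outdir/$domain.csr"
}

# check_csr FILE: prints a verdict; returns 0 only for an acceptable CSR.
check_csr() {
    local csr="$1" text bits
    # The self-signature shows the CSR is well-formed and was signed with the
    # matching private key. Match the message: older OpenSSL exits 0 on failure.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' \
        || { echo "reject: unreadable CSR or bad self-signature"; return 1; }
    text=$(openssl req -in "$csr" -noout -pubkey | openssl pkey -pubin -noout -text)
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p' | head -n1)
    if printf '%s\n' "$text" | grep -q '^Modulus'; then        # RSA key
        [ "${bits:-0}" -ge 2048 ] || { echo "reject: RSA $bits-bit is below 2048"; return 1; }
        echo "ok: RSA $bits-bit"
    elif printf '%s\n' "$text" | grep -q 'ASN1 OID'; then      # named-curve EC key
        echo "ok: ECC $bits-bit"
    else
        echo "reject: key type is neither RSA nor ECC"; return 1
    fi
}

# Demo with a constructed placeholder domain; nothing leaves the machine.
demo() {
    local d; d=$(mktemp -d)
    new_csr example.com ec "$d" && check_csr "$d/example.com.csr"
    rm -rf "$d"
}
demo
```

In a pipeline, run `check_csr` as a gate before the submission step so a weak or malformed CSR fails the job locally instead of at the API.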

### Path 2: SSL

**Brief Description**: Apply for SSL/TLS certificates through the Alibaba Cloud Console using interactive wizards such as **Quick Apply** (for fast DV certificate issuance) and **Standard Apply** (for OV/EV with business validation). The process includes form-based input, domain verification, and one-click deployment to Alibaba Cloud services.

**Key technical facts**:
- Billing: DV/OV/EV7
- Auth method: SSO
- Prerequisites: OV.gov

## FAQ

Q: Which path should I start with?
A: Start with SSL if you're applying for one certificate and aren’t automating. It offers **Quick Apply** for fast DV certs and **Standard Apply** for business validation, with no coding needed.

Q: What if I need to issue 50 certificates monthly but used the console?
A: You’ll face significant manual effort—each certificate requires individual form filling and domain verification. The console doesn’t support bulk or scheduled issuance, making it impractical for high-volume use.

Q: What if I don’t have a CSR but chose the API path?
A: The API (CreateCertificateWithCsrRequest) strictly requires a valid **CSR** with RSA ≥2048-bit or ECC key. Without one, the request fails—you must generate it beforehand.

Q: Can I use the API without setting up RAM permissions?
A: No. The API requires the RAM permission `yundun-cert:CreateCertificateWithCsrRequest`. Without it, even with a valid **Bearer Token**, the call will be denied.

Q: Does the console support free certificates?
A: Yes—it offers free personal test certificates (up to 20 per year), but these are limited to single domains and short validity, similar to the `digicert-free-1-free` type in the API.

Q: If I need to deploy certificates directly to SLB or ECS, which path is better?
A: The console provides one-click **Deploy** actions to Alibaba Cloud services like SLB and ECS after issuance. The API requires separate deployment steps via other service APIs.

