SSL Certificate Manager Getting Started Issue 3 Date 2020-04-28 HUAWEI TECHNOLOGIES CO., LTD.


Copyright © Huawei Technologies Co., Ltd. 2020. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice

The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.

Issue 3 (2020-04-28) Copyright © Huawei Technologies Co., Ltd. i


Contents

1 Certificate Application Procedure
2 Apply for the Certificate
3 Verify the Domain Ownership
4 Verify the Organization
A Change History


1 Certificate Application Procedure

Acquaint yourself with the application procedure before you apply for or purchase a certificate. Figure 1-1 shows the certificate application procedure. Table 1-1 describes the steps required for certificate application.

Figure 1-1 Certificate application procedure

Table 1-1 Description of the certificate application procedure

Step: 1
Operation: Purchase a Certificate
Description: You have purchased an SSL certificate. If you have not purchased an SSL certificate, go to the HUAWEI CLOUD Marketplace to purchase it.

Step: 2
Operation: Apply for a Certificate
Description: After you purchase a certificate, you need to add a domain to it, fill in your information, and then submit it for approval.

Step: 3
Operation: Verify the Domain Name
Description: Upon receiving your request, the CA sends a verification email to your email address for you to validate your ownership of the domain name. You can select email validation, DNS validation, or file validation, depending on your needs. IP address SSL certificates can be verified only by file. DV and basic DV certificates (GeoTrust entry-level SSL certificates and DigiCert free SSL certificates) can be verified only by DNS.


Step: 4
Operation: Verify the Organization
Description: This operation is required only when you apply for an OV, OV Pro, EV, or EV Pro certificate. The CA will send an email for you to choose a verification method. Then, the CA will contact you by the method you selected to check whether the enterprise or organization has initiated the application.

Step: 5
Operation: Issue the Certificate
Description: After the organization verification is complete, it takes some time for the CA to approve your verification. The certificate will be issued after being approved by the CA. The certificate takes effect immediately upon issuance. You can push the certificate to other cloud products on HUAWEI CLOUD or download the certificate and deploy it on a server.


2 Apply for the Certificate

Scenario

After you purchase a certificate, you still need to associate a domain name with it, provide certain details, and then submit it for approval. The CA will not issue the certificate until all of the submitted details have been reviewed.

This section describes how to apply for a certificate.

Prerequisites

● You have obtained an account and login password for the management console.
● The certificate is in the Pending application state.

Procedure

Step 1 Log in to the management console.

Step 2 In the navigation pane on the left, click and, under Security, choose SSL Certificate Manager to go to the SSL Certificate Manager console.

Step 3 In the Operation column that contains the certificate to be applied for, click Apply for Certificate.

Step 4 On the displayed page, enter the required information.

Provide domain name, company details (mandatory for organizations), and company contact details.

1. Provide the domain name details. Table 2-1 describes the required parameters.


Figure 2-1 Domain name details


Table 2-1 Domain name parameters

Parameter: CSR
Description: To obtain an SSL certificate, a Certificate Signing Request (CSR) file needs to be submitted to the CA for review. The CSR contains a public key and a distinguished name (DN). Typically, a CSR is generated by a web server. A pair of public and private keys are created along with the CSR.
Options:
– System generated CSR: The system automatically generates a certificate private key. Once the certificate is approved, you can download your certificate and private key on the certificate management page.
– Upload a CSR: You manually generate a CSR file and paste the content of the CSR file into the displayed field. For details, see How Do I Make a CSR File?
NOTE
▪ You are advised to select System generated CSR to avoid approval failure caused by incorrect content.
▪ Certificates with CSR manually generated cannot be pushed to other HUAWEI CLOUD services.
▪ If the CSR file is generated manually, HUAWEI CLOUD is not responsible for your private key. Back up your private key properly. If a private key is lost, the corresponding certificate becomes invalid. You will need to purchase a new certificate.
▪ SCM has strict requirements on key type and length. The key must be RSA and it must be 2,048 bits.
▪ If System generated CSR is selected, there are multiple formats available for download.
Example value: System generated CSR


Parameter: Domain Name
Description: This parameter is displayed when you purchase a single-domain or wildcard-domain certificate. Enter the domain name or wildcard domain name that needs to be associated with the certificate.
Single domain: If your domain is www.domain.com, enter www.domain.com for Domain Name.
Wildcard domain: If you have multiple domain names that are all the same level, for instance, test.huaweicloud.com, yun.huaweicloud.com, example.huaweicloud.com, and good.huaweicloud.com, you can use a wildcard to enter a single domain name that would include them all, in this case: *.huaweicloud.com.
Example value: www.domain.com

Parameter: Primary Domain Name
Description: This parameter is displayed when you purchase a multi-domain certificate. Enter the primary domain name that needs to be associated with the certificate. Set one of the domain names as the primary domain and the rest as additional domains.
NOTICE
– The primary domain name cannot be changed after it is associated. Exercise caution when entering the primary domain name.
– A primary domain and additional domains can be equally protected.
Example: If you buy three domain names for the certificate and you have three domain names www.domain01.com, www.domain02.com, and www.domain03.com, you need to select one of them as the primary domain name. If you select www.domain01.com as the primary domain name, enter www.domain01.com for Primary Domain Name.
Example value: www.domain01.com


Parameter: Additional Domain Name
Description: This parameter is displayed when you purchase a multi-domain certificate. Enter one or more additional domain names that need to be associated with the certificate.
NOTE
– One additional domain name per line.
– You can add one or more additional domain names at a time. For details, see Adding an Additional Domain Name.
Example: If three domain names have been purchased, such as www.domain01.com, www.domain02.com, and www.domain03.com, and the primary domain name is www.domain01.com, enter www.domain02.com and www.domain03.com for Additional Domain Name.
Example value:
www.domain02.com
www.domain03.com

Parameter: Domain Name Verification Method
Description: In accordance with the CA specifications, after applying for a certificate, you need to work with the CA to verify ownership of the associated domain name. After your ownership of the domain name is verified by you and approved by the CA, the status of your certificate will change.
Options:
– File: You need to create a specified file on the server to verify your ownership of the domain. IP address SSL certificates can only be verified by file.
– Email: You can click the link and follow the directions in the email to verify ownership of the domain.
– DNS: You need to verify the domain ownership by resolving a specific DNS record on the domain name management platform. DV and basic DV certificates (GeoTrust entry-level SSL certificates and DigiCert free SSL certificates) can only be verified by DNS.
Example value: DNS

2. Provide the company details. Table 2-2 describes the required parameters.


NOTE

Company details need to be provided for OV, OV Pro, EV, and EV Pro certificates.

Figure 2-2 Company Information

Table 2-2 Company information

Parameter: Company Name
Description: The full name of the company, as written on its business license

Parameter: Department Name
Description: Name of the department to which a user belongs

Parameter: Country/Region
Description: Country or region where the company resides

Parameter: (Optional) Bank Account Opening Permit
Description: Specify this parameter based on requirements.
– Available: You must upload the electronic copy of the bank account opening permit. Click to upload the electronic copy of the bank account opening permit.
  NOTE
  Only one file can be uploaded. It must be in .png or .jpg format, and cannot exceed 2 MB.
– None: You do not need to upload the electronic copy of the bank account opening permit. However, if you select this option, it may take longer to issue your certificate.


Parameter: (Optional) Business License
Description: Specify this parameter based on requirements.
– Available: You must upload the electronic copy of the business license. Click to upload the electronic copy of the business license.
  Chinese mainland: Upload your business license.
  Other regions: Upload your business registration certificate.
  NOTE
  Only one file can be uploaded. It must be in .png or .jpg format, and cannot exceed 2 MB.
– None: You do not need to upload a copy of the business license. However, if you select this option, it may take longer to issue your certificate.

3. Provide the company contact details. Table 2-3 describes the required parameters.

Figure 2-3 Company contact details

Table 2-3 Contact information

Parameter: Name
Description: Enter your name.


Parameter: Phone Number
Description: Enter a valid phone number so that the CA can contact you to confirm other required details.
Example:
13812345678
02812345678

Parameter: Email Address
Description: Enter an email address for you to receive emails.
NOTICE
HUAWEI CLOUD can send notifications related to certificate issuance to this email address. A CA will send confirmation emails to the email address. After submitting your application for approval, check for and follow the directions in the confirmation email.

NOTE

– The system automatically notifies the company contact or authorizing person by email or SMS two months, one month, and one week before a certificate expires and again after the certificate has actually expired.
– To enter technical contact details, select (Optional) Technical Contact Information first.
– Personal user information used as contact details is not included in the issued certificate.

Step 5 After confirming that the entered information is correct, read through the SSL Certificate Manager Disclaimer, Privacy Statement, and the authorization statement, and check the box to agree to the disclaimer and statements.

You can revoke the privacy rule authorization if the certificate is not being approved. Once you revoke the authorization, HUAWEI CLOUD will not store your information. The contact name, phone number, email address, and organization details will be deleted. For details, see Canceling Authorization for Privacy Information.

Step 6 Click Submit.

The certificate information is provided. Go back to the certificate list and check that the certificate status has changed to Pending domain name verification.

The system will submit your application to the CA. During the approval process, make sure that you can be reached by phone and that you regularly check for emails from the CA.

NOTE

● You can click Save to save your progress.
● The CA will process your application and send you a domain name verification email within 2 to 3 working days.

----End
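
The key requirement stated in Table 2-1 for the Upload a CSR option (RSA, 2,048 bits) can be checked before a manually generated CSR is pasted into the console. The following is an added example, not part of the Huawei guide; it assumes the openssl command-line tool, and the function names, output file names and CN-only subject are choices of this example.

```sh
#!/bin/sh
# Added example (not from the Huawei guide): create a CSR for the
# "Upload a CSR" option and confirm it meets the stated SCM requirement
# (RSA, 2,048 bits) before pasting it into the console.
# Requires the openssl command-line tool.

# make_csr OUTDIR DOMAIN
# Writes OUTDIR/private.key and OUTDIR/request.csr. The subject holds only
# CN=DOMAIN, which is an assumption of this example; add O=, C= and so on
# to match your order.
make_csr() {
    outdir=$1
    domain=$2
    (
        umask 077    # private key readable by its owner only
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$outdir/private.key" \
            -out "$outdir/request.csr" \
            -subj "/CN=$domain"
    ) >/dev/null 2>&1
}

# check_csr FILE
# Prints a one-line verdict; returns 0 only for a readable CSR whose public
# key is RSA 2,048 bits and whose self-signature verifies.
check_csr() {
    text=$(openssl req -in "$1" -noout -text 2>/dev/null) || {
        echo "rejected: not a readable PEM CSR"
        return 1
    }
    algo=$(printf '%s\n' "$text" |
        sed -n 's/^ *Public Key Algorithm: *\([^ ]*\).*/\1/p' | head -n 1)
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    if [ "$algo" != "rsaEncryption" ]; then
        echo "rejected: key type is ${algo:-unknown}, SCM requires RSA"
        return 1
    fi
    if [ "$bits" != "2048" ]; then
        echo "rejected: RSA key is ${bits:-?} bits, SCM requires 2048"
        return 1
    fi
    # A CSR is signed with its own private key; a failed check means the
    # file was truncated or altered after it was generated.
    if ! openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "rejected: CSR self-signature does not verify"
        return 1
    fi
    echo "ok: RSA 2048-bit key, self-signature verifies"
}

# Usage: . ./csr_check.sh; make_csr . www.domain.com; check_csr request.csr
```

Keep private.key backed up and off shared storage; only request.csr is pasted into the console.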

Follow-Up Procedure

After the entered additional domain names are submitted for review, the CA will send a verification email to you. Perform domain name verification as required.


Your certificate will remain in the Pending domain name verification state and will not be approved if you do not complete the domain name verification. Upon receiving your request, the CA will review your request and send a verification email. Reply to the CA immediately after receiving the verification email. If you fail to complete the verification promptly, it takes longer to receive your certificate.

For details, see Verify the Domain Ownership.

If you have submitted a certificate application but then discover there are incorrect details included, you can withdraw the application and apply for a new certificate.


3 Verify the Domain Ownership

Scenario

After the certificate application is submitted, the associated domain needs to be verified. After you request approval from the CA, you need to work with the CA to verify your ownership of the associated domain. After you complete the verification and the CA approves the verification, the status of your certificate will then change.

If you do not complete the domain ownership verification, your certificate will remain in the Pending domain name verification state.

You can verify your domain ownership by any of the following methods:

● Verification by File
● Verification by Email
● Verification by DNS

NOTE

● IP address SSL certificates can only be verified by file.
● DV and basic DV certificates (GeoTrust entry-level SSL certificates and DigiCert free SSL certificates) can only be verified by DNS.

Prerequisites

● Verification by file: You have obtained the account and password for logging in to the server.
● Verification by email: You have obtained the account and password for logging in to the domain name administrator's mailbox. For details, see How Do I Query and Verify the Email Address of the Domain Administrator?
● Verification by DNS: You have obtained an account and password for the management console of your DNS provider.
● The certificate must be in the Pending domain name verification state.

Verification by File

Verification by file means verifying the domain name ownership by creating a specified file on the server.


After the CA approves your application, you need to verify your domain ownership as described in the order, or your certificate will remain in the Pending domain name verification state and will not be approved.

If you purchase a multi-domain certificate and select verification by file, you need to verify each domain separately by file.

Verification by file is usually performed by your server administrator. This section describes how to verify domain ownership by file.

Step 1 Log in to the management console.

Step 2 In the navigation pane on the left, click and, under Security, choose SSL Certificate Manager to go to the SSL Certificate Manager console.

Step 3 In the Operation column of the certificate for which domain name verification is to be performed, click Verify Domain Name.

Step 4 View the Record Value on the Verify Domain Name page, or log in to the email you provided during certificate application, and find the Record Value.

Figure 3-1 Verification by file

Step 5 Log in to your server.

Step 6 Create the specified file in the root directory of the website.

NOTE

The root directory of the website refers to the folder where the website programs are stored on the server. The root directory has the following names: wwwroot, htdocs, public_html, webroot, and more. Perform operations as required.

Example:

Assume that the root directory of the website is /www/htdocs.

1. Create the .well-known/pki-validation subdirectory in the root directory of the website. In this case, create the subdirectory in the /www/htdocs directory.
2. Create the whois.txt file in the .well-known/pki-validation subdirectory.
3. Place the record value obtained in Step 4 in the whois.txt file.

Step 7 Check whether the configuration has taken effect.

1. Open a browser and access the URL: https://your domain/.well-known/pki-validation/whois.txt or http://your domain/.well-known/pki-validation/whois.txt. Replace your domain in the URL address with the domain name bound during certificate application.

– If your domain name is a common domain name, perform the following operations:


For example, if your domain name is example.domain.com, the access URL address is https://example.domain.com/.well-known/pki-validation/whois.txt or http://example.domain.com/.well-known/pki-validation/whois.txt.

NOTE

For a domain name starting with www, for example, www.domain.com, perform the following operations:
1. Perform Step 1 to Step 7 to perform verification by file on the domain name www.domain.com and check whether the verification configuration has taken effect.
2. Access the URL address https://domain.com/.well-known/pki-validation/whois.txt, and check the value displayed. The value displayed must be the same as the value obtained in Step 4.

– For a wildcard domain name, perform the following operations:
For example, if your domain name is *.domain.com, the access URL address is https://domain.com/.well-known/pki-validation/whois.txt or http://domain.com/.well-known/pki-validation/whois.txt.

2. Check whether the verification has taken effect.

Check whether the verification URL address can be properly accessed in the browser and if the record value displayed on the page is the same as that on the order progress page or in the email.

– If the record value matches the one obtained in Step 4, the configuration of domain name verification has taken effect.
– If they are different, the configuration of domain name verification does not take effect.

If the configuration does not take effect, perform the following checks:

▪ Check whether the verification URL address exists in HTTPS accessible addresses. If yes, use HTTPS to re-access the URL address in the browser. If the browser displays a message indicating that the certificate is untrusted or the displayed content is incorrect, disable the HTTPS service for the domain name temporarily.
▪ Ensure that the verification URL address can be accessed at any place. Detection servers of some brands are located outside China. Check whether your site has images outside China or whether the smart DNS service is used.
▪ Check whether the verification URL address contains 301 or 302 redirection. If such redirection exists, cancel the related settings to disable the redirection. You can run the wget -S URL address command to check whether the verification URL address is redirected.

Step 8 After the verification is complete, additional time is required for the CA to verify your domain name. During this period, the certificate is in the Pending domain name verification state.


If you have verified the domain name, the CA will take 2 to 3 working days to verify your information. The certificate enters the Pending organization verification state only after the CA has confirmed your domain ownership.

----End
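
Steps 6 and 7 of the file verification can be pre-checked from a shell. This added example (not part of the Huawei guide) lists the URLs that must serve whois.txt for common, www and wildcard domain names and classifies a raw HTTP response; it uses curl rather than the wget -S command named above, and the function names, sample responses and record values are constructed for the example.

```sh
#!/bin/sh
# Added example (not from the Huawei guide): pre-check file-based domain
# validation as described in Steps 6 and 7.
VALIDATION_PATH='/.well-known/pki-validation/whois.txt'
SAMPLE_VALUE='CONSTRUCTED-RECORD-VALUE-0001'   # constructed, not a real record value

# validation_hosts DOMAIN
# Hosts that must serve the file: "*.domain.com" is checked at domain.com,
# "www.domain.com" at both www.domain.com and domain.com.
validation_hosts() {
    case "$1" in
        '*.'*) printf '%s\n' "${1#??}" ;;
        www.*) printf '%s\n%s\n' "$1" "${1#www.}" ;;
        *)     printf '%s\n' "$1" ;;
    esac
}

# validation_urls DOMAIN -> the HTTPS and HTTP URL for every host above
validation_urls() {
    validation_hosts "$1" | while IFS= read -r host; do
        printf 'https://%s%s\n' "$host" "$VALIDATION_PATH"
        printf 'http://%s%s\n' "$host" "$VALIDATION_PATH"
    done
}

# classify_response RECORD_VALUE < raw HTTP response (status line, headers, body)
# Prints ok, redirect, http-error, mismatch or no-response; returns 0 for ok.
# Any 3xx status counts as a redirect (the guide names 301 and 302).
classify_response() {
    tr -d '\r' | WANT=$1 awk '
        NR == 1               { status = $2; next }
        !in_body && $0 == ""  { in_body = 1; next }
        in_body               { body = body $0 "\n" }
        END {
            gsub(/^[ \t\n]+|[ \t\n]+$/, "", body)
            if (status == "")                 verdict = "no-response"
            else if (status ~ /^3/)           verdict = "redirect"
            else if (status + 0 != 200)       verdict = "http-error"
            else if (body != ENVIRON["WANT"]) verdict = "mismatch"
            else                              verdict = "ok"
            print verdict
            exit (verdict != "ok")
        }'
}

# check_domain DOMAIN RECORD_VALUE   (needs network access and curl)
# curl runs without -L, so a redirect is reported instead of followed; an
# untrusted HTTPS certificate makes curl fail and shows up as no-response.
check_domain() {
    validation_urls "$1" | while IFS= read -r url; do
        verdict=$(curl -sSi --max-time 10 "$url" 2>/dev/null |
            classify_response "$2") || true
        printf '%-12s %s\n' "$verdict" "$url"
    done
}

# Constructed sample responses for offline use.
sample_ok() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n%s\n' "$SAMPLE_VALUE"
}
sample_redirect() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.domain.com/\r\n\r\n'
}
sample_stale() {
    printf 'HTTP/1.1 200 OK\r\n\r\nOLD-VALUE-FROM-A-PREVIOUS-ORDER\n'
}

# Usage: . ./file_check.sh; check_domain www.domain.com 'record value from Step 4'
```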

Verification by Email

After you apply for a certificate, the CA will send a confirmation email to your domain name administrator's email address. Perform the confirmation in the email as prompted. The certificate issuing will enter the next stage after the domain name is verified.

If you purchase a multi-domain certificate and select verification by email, and different email addresses are used, you need to perform verification by email for each domain name.

This section describes how to verify domain ownership by email.

Step 1 Log in to the mailbox of the domain name administrator.

Step 2 Open the domain name confirmation email from the CA.

Step 3 Click the confirmation link in the email to complete the domain name verification.

After the verification is complete, additional time is required for the CA to verify your domain name. During this period, the certificate is in the Pending domain name verification state.

If you have verified the domain name, the CA will take 2 to 3 working days to verify your information. The certificate enters the Pending organization verification state only after the CA has confirmed your domain ownership.

----End

Verification by DNS

For verification by DNS, you need to verify domain ownership on your domain name management platform by resolving a specific DNS record.

As an example, this part describes how to verify domain ownership using HUAWEI CLOUD DNS. The process is similar on other platforms.

If you purchase a multi-domain certificate and select verification by DNS, you need to perform verification by DNS separately for each domain name.


NOTICE

You need to modify DNS records on your domain management platform for the DNS record to take effect.

● If you are managing your domain name on HUAWEI CLOUD, modify the DNS record on HUAWEI CLOUD.
● If your domain name is hosted on other platforms, such as www.net.cn, www.xinnet.com, and www.dnspod.cn, verify your domain name by either of the following methods:
  – Method 1: Go to the platform hosting your domain name and complete the DNS verification by following the resolution method required by the platform. For example, if the domain name is hosted on Alibaba Cloud, perform related configurations on the DNS console of Alibaba Cloud.
  – Method 2: Use HUAWEI CLOUD Domain Name Service (DNS) to host your domain name, and then perform the verification by following the instructions in this topic.
  We recommend the second method so that you can complete verification quickly and get your certificate issued as quickly as possible.

Obtaining the Host Record and Record Value of a Certificate

Step 1 Log in to the management console.

Step 2 In the navigation pane on the left, click and, under Security, choose SSL Certificate Manager to go to the SSL Certificate Manager console.

Step 3 In the Operation column of the certificate for which domain name verification is to be performed, click Verify Domain Name.

Step 4 On the Verify Domain Name page, view the values for Host Record, Record Type, and Record Value.

If Host Record, Record Type, and Record Value are not displayed, log in to the email provided during certificate application to find them.

Figure 3-2 Viewing a host record

----End

Hosting Domain Names to HUAWEI CLOUD DNS

If you want to use a domain name for visitors to access your website over the Internet, host your domain name on HUAWEI CLOUD DNS service. For details, see Configuring Record Sets for a Website.


NOTICE

If DNS server addresses of the public domain name are not the same as those in the NS record set, the domain name cannot be resolved. You are required to change the DNS server addresses of the domain name on the registrar's website by referring to Changing DNS Servers of a Domain Name.

Domain Name Verification Using HUAWEI CLOUD DNS

Step 1 Log in to the management console.

Step 2 Choose Domain Name Service under Network to go to the Domain Name Service page.

Step 3 In the navigation pane on the left, choose DNS Resolution > Public Zones. Then click the desired domain name in the list.

Step 4 In the domain name list on the Public Zones page, click the added domain name (or the primary domain name for a multi-domain certificate) to go to the record set page.

Step 5 In the upper right corner of the page, click Add Record Set. Figure 3-3 shows an example.

NOTE

If there is a TXT record of domain name domain3.com in the domain name list, click Modify in the Operation column. Modify the record in the displayed Modify Record Set dialog box.

● Name: Enter the prefix of the host record returned by the domain name service provider on the domain name verification page.
  The returned host record varies depending on the domain name service provider. The following are two examples:
  – If the host record returned by the domain name service provider is _dnsauth.domain3.com, set Name to _dnsauth.
  – If the host record returned by the domain name service provider is domain3.com, leave Name empty.
● Type: Select TXT – Specify text records.
● Line: Select Default.
● TTL (s): The recommended value is 5 min. A larger TTL value slows down synchronization and update of DNS records.
● Value: Enter the record value returned by the domain name service provider on the domain ownership verification page.
  NOTE
  Enclose the record value in quotation marks before pasting it into the text box.
● Keep other settings unchanged.


Figure 3-3 Add Record Set

Step 6 Click OK.

If the status of the record set is Normal, the record set is added successfully.

NOTE

● DNS configuration records can be deleted only after the certificate is issued or revoked.

● Check whether the DNS record is correctly configured. If not, the certificate cannot be issued.

● After the domain ownership verification completes, it takes a period of time for the CA to confirm the verification. During this period, the certificate is in the Pending domain name verification state. The certificate enters the Pending organization verification state only after the CA has confirmed your domain ownership.

----End

Checking Whether Domain Name Verification Takes Effect

This part describes how to check whether the domain name verification takes effect. Figure 3-4 shows the domain name verification details.


Figure 3-4 DNS verification details

Step 1 On the Windows menu, click Start and enter cmd to start the command dialog box.

Step 2 Run the following command in the cmd dialog box to check whether the configuration of domain name ownership verification takes effect:

nslookup -q=TXT xxx

xxx indicates the Host Record value returned by the domain name service provider.

● If the value recorded in the command output (value of text) is the same as that returned by the domain name service provider, the configuration of domain name ownership verification has taken effect.

Figure 3-5 Effective configuration of domain name ownership verification


● If the command output does not contain a TXT record and Non-existent domain is displayed, the configuration does not take effect.

Figure 3-6 Non-effective domain name verification configuration

If the configuration of domain name ownership verification does not take effect, rectify the fault based on the following possible causes until the verification takes effect:

– It requires a long period of time for the configuration to take effect.

Check whether the effective time (TTL) is too long. It is recommended that you set the TTL to 5 minutes. This value varies depending on the cloud service provider. In HUAWEI CLOUD DNS, the default value is 5 minutes, so the configuration takes effect within 5 minutes by default.

– The record configuration is incorrect.

Check whether the Name or Type is correct.

NOTICE

Check whether full domain names are supported. If not, delete the suffix of the root domain name.

----End
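The Name rule from Step 5 and the nslookup check above, as an added example that is not part of the original guide. The function names are hypothetical, and the sample nslookup output, resolver address and token are constructed placeholders in the Windows output layout.

```python
import re

# Constructed sample output; the token and resolver address are made up.
SAMPLE_OK = '''Server:  UnKnown
Address:  192.0.2.53

Non-authoritative answer:
_dnsauth.domain3.com\ttext =

\t"EXAMPLE-TOKEN-0001"
'''
SAMPLE_MISSING = "*** UnKnown can't find _dnsauth.domain3.com: Non-existent domain\n"

def record_name(host_record, zone):
    """Name field for the record set: the host record minus the zone suffix."""
    host, zone = host_record.rstrip(".").lower(), zone.rstrip(".").lower()
    if host == zone:
        return ""  # host record is the zone itself: leave Name empty
    if not host.endswith("." + zone):
        raise ValueError(f"{host_record!r} is not inside zone {zone!r}")
    return host[: -len(zone) - 1]

def txt_values(nslookup_output):
    """TXT strings from nslookup output (Windows prints them on the lines after 'text =')."""
    _, found, answer = nslookup_output.partition("text =")
    return re.findall(r'"([^"]*)"', answer) if found else []

def verification_status(nslookup_output, expected):
    """Classify a lookup result as effective or not, with the likely cause."""
    lowered = nslookup_output.lower()
    if "non-existent domain" in lowered or "nxdomain" in lowered:
        return "not effective: no such record (check Name, Type and TTL)"
    values = txt_values(nslookup_output)
    if not values:
        return "not effective: no TXT record in the answer"
    # The console stores the value in quotation marks; compare the bare text.
    if expected.strip('"') in values:
        return "effective"
    return "not effective: TXT value differs from the one issued"

if __name__ == "__main__":
    print(record_name("_dnsauth.domain3.com", "domain3.com"))
    print(verification_status(SAMPLE_OK, '"EXAMPLE-TOKEN-0001"'))
    print(verification_status(SAMPLE_MISSING, '"EXAMPLE-TOKEN-0001"'))
```

To check a live record, pass the combined stdout and stderr of `nslookup -q=TXT <host record>` as the first argument, since the error line may be written to stderr.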

Follow-Up Procedure

If you have applied for an OV, OV Pro, EV, or EV Pro certificate, once domain name verification is complete, the CA will send you an organization verification email. Then, the CA will contact you based on the verification mode you selected to check whether the enterprise or organization has initiated the certificate application. For details, see Verify the Organization.


4 Verify the Organization

Scenario

If you apply for an OV, OV Pro, EV, or EV Pro certificate, the CA sends an email to your registered email address for organization verification after domain name verification completes. The CA contacts the enterprise or organization based on the selected verification mode to check whether the enterprise or organization has initiated the certificate application.

In the following scenarios, the certificate can be issued only after the organization verification completes:

● Buy an OV, OV Pro, EV, or EV Pro certificate for the first time.

● More than 13 months have elapsed since the last purchase of a certificate.

● The contact information, company information, or certificate brand is different from that of the last purchase.

NOTICE

If you purchase a certificate of the same brand again within 13 months and the certificate information is not changed, manual verification is not required.

Prerequisites

The certificate is in the Pending organization verification state.

Procedure

Step 1 Log in to the mailbox you provided when applying for the certificate.

Step 2 Open the organization verification email from the CA.

Step 3 Reply to the email from the CA to select an organization verification method.

You can select verification by phone call or by lawyer's letter based on your situation. Verification by lawyer's letter requires an extra billing of ¥500.

If you need to change the organization verification method, reply to the email from the CA.


Step 4 Cooperate with the CA and complete the verification by the method you select.

For example, if you select verification by phone call, answer the phone when the CA contacts you through the public phone of your organization.

----End

Follow-Up Procedure

After the organization verification completes, it takes some time for the CA to complete the verification.

After being approved by the CA, the certificate will be issued. The certificate takes effect upon issuance. You can push the certificate to other cloud products of HUAWEI CLOUD or download the certificate and deploy it on a server.

For details about how to push a certificate, see Pushing Certificates to Other Services on HUAWEI CLOUD.

For details about how to download a certificate, see Downloading a Certificate.


A Change History

Released On: Description

2020-09-11: This issue is the fifth official release. Revised descriptions in Verify the Domain Ownership.

2020-09-09: This issue is the fourth official release. Added conditions of organization verification in Verify the Organization.

2020-04-28: This issue is the third official release. Changed certificate brand Symantec to DigiCert.

2020-03-19: This issue is the second official release. Updated the document based on the console GUI style change.

2019-10-30: This issue is the first official release.
