Alibaba Cloud CDN supports HTTPS secure acceleration. You can upload a custom SSL certificate or select an SSL certificate from Certificate Management Service in the Alibaba Cloud CDN console. SSL certificates are required if you want to enable HTTPS to ensure the security of data transmission. This topic describes how to configure and renew an SSL certificate.
SSL certificate management
SSL certificates are classified into different types based on vetting and verification requirements. Different types of SSL certificates provide different levels of security and are suitable for different websites. For more information, see What is Certificate Management Service?
If you want to purchase an SSL certificate, you can log on to the Certificate Management Service console to purchase a certificate from a certificate authority (CA). If you want to use a custom certificate, the certificate must be in a valid format. For more information, see Certificate formats.
The Tengine web server that is used by Alibaba Cloud CDN is designed based on the NGINX web server architecture. Therefore, you can upload only certificate files in the NGINX-compatible PEM format for domain names for which HTTPS secure acceleration is enabled. If your SSL certificate is not in the PEM format, you need to convert the certificate into the PEM format. For more information, see Convert certificate formats.
The uploaded SSL certificate must match the private key. Otherwise, requests that are sent from clients fail the authentication.
The system does not support private keys for which passwords are configured.
Only SSL and TLS handshakes that include Server Name Indication (SNI) values are supported.
You can view SSL certificates. You cannot view private keys because they are sensitive information. Keep certificate-related information confidential.
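A local pre-upload check for the constraints listed above (PEM format, private key without a password, key matching the certificate), as an added example that is not part of the Alibaba Cloud documentation. The function names, file names and the `cdn.example.com` subject are assumptions, and the sample key material is constructed on the fly with the `openssl` CLI.

```shell
#!/bin/sh
# Pre-upload checks for a certificate/key pair. Requires the openssl CLI.

# 0 if the file parses as a PEM-encoded X.509 certificate.
is_pem_cert() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
        openssl x509 -in "$1" -noout >/dev/null 2>&1
}

# 0 if the private key is password-protected (PKCS#8 or legacy OpenSSL PEM).
key_is_encrypted() {
    grep -Eq -- 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# 0 if the certificate's public key equals the one derived from the private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run every check; report the first failure with a distinct exit status.
preflight() {
    is_pem_cert "$1" || { echo "FAIL: certificate is not PEM"; return 1; }
    if key_is_encrypted "$2"; then echo "FAIL: private key has a password"; return 2; fi
    cert_matches_key "$1" "$2" || { echo "FAIL: certificate and key do not match"; return 3; }
    echo "OK: PEM certificate, unprotected key, key matches certificate"
}

# Constructed sample input: a throwaway self-signed pair, an unrelated key,
# a password-protected copy of the good key, and a DER copy of the certificate.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=cdn.example.com" \
        -keyout "$1/good.key" -out "$1/good.crt" >/dev/null 2>&1 &&
    openssl genrsa -out "$1/other.key" 2048 >/dev/null 2>&1 &&
    openssl rsa -in "$1/good.key" -aes256 -passout pass:constructed \
        -out "$1/enc.key" >/dev/null 2>&1 &&
    openssl x509 -in "$1/good.crt" -outform DER -out "$1/good.der" >/dev/null 2>&1
}

# With two arguments, check the given files: sh preflight.sh cert.pem key.pem
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

The public-key comparison works for RSA and EC keys alike, and the private key never leaves the local machine during the check.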
Configure or renew an SSL certificate
HTTPS secure acceleration is a value-added service. After you enable HTTPS, you are charged based on the number of HTTPS requests. You cannot use data transfer plans to offset the fees. For more information about the pricing of HTTPS secure acceleration, see Billing of HTTPS requests for static content.
Log on to the Alibaba Cloud CDN console.
In the left-side navigation pane, click HTTPS Center.
On the Certificate Center page, click Add Certificate.
On the Add Certificate page, configure the parameters. The following table describes the parameters.
Parameter | Description |
Certificate Source | You can obtain a certificate only from SSL Certificates Service. You can apply for certificates of various CAs and types in the Certificate Management Service console. |
Certificate Name | Select a certificate name. |
Certificate (Public Key) | The public key of the certificate. For more information, click PEM Encoding Reference under the Certificate (Public Key) section. |
Private Key | The private key of the certificate. For more information, click Example for PEM-encoded certificate below the Private Key. |
Click Next.
Associate one or more domain names with the certificate.
Note: If a selected domain name is already associated with a certificate, the existing certificate will be replaced by the selected certificate in this step.
If you set Certificate Source to SSL Certificates Service, you can renew or deploy the specified certificate for multiple domain names at a time.
Click OK to deploy or update the certificate.
Check whether HTTPS takes effect
After you upload an SSL certificate, the certificate takes effect within 1 minute. To verify whether the SSL certificate takes effect, you can send HTTPS requests to access resources. If the URL is displayed with a lock icon in the address bar of the browser, HTTPS secure acceleration is working as expected.
Related API operations
API operation | Description |
CreateCdnCertificateSigningRequest | Creates a certificate signing request (CSR). |
DescribeDomainCertificateInfo | Queries the certificate information about an accelerated domain name. |
SetDomainServerCertificate | Enables or disables the certificate of a domain name, and modifies the certificate information. |
SetCdnDomainCSRCertificate | Configures an SSL certificate for a specified domain name. |
DescribeCdnDomainByCertificate | Queries accelerated domain names by SSL certificate. |
DescribeCdnCertificateDetail | Queries the detailed information about an SSL certificate. |
DescribeCdnCertificateList | Queries information about certificates. |
DescribeCertificateInfoByID | Queries the information about a specified SSL certificate. |
BatchSetCdnDomainServerCertificate | Enables or disables the certificates of domain names, and modifies the certificate information. |
DescribeCdnHttpsDomainList | Queries the information about the SSL certificates within your Alibaba Cloud account. |
DescribeUserCertificateExpireCount | Queries the number of domain names whose SSL certificates are about to expire or have already expired. |
SetCdnDomainSMCertificate | Enables or disables a ShangMi (SM) certificate for a domain name. |
DescribeCdnSMCertificateList | Queries the SM certificates of an accelerated domain name. |
DescribeCdnSMCertificateDetail | Queries the details about an SM certificate. |