To use Anti-DDoS Pro or Anti-DDoS Premium to scrub HTTPS traffic, you must select HTTPS and upload an HTTPS certificate when you add the domain name of a website. If the uploaded HTTPS certificate changes, you must update the certificate in the Anti-DDoS Pro or Anti-DDoS Premium console.
Prerequisites
- A website that supports HTTPS is added to Anti-DDoS Pro or Anti-DDoS Premium. For more information, see Add a website.
- The certificate file of the website is prepared.
If you have uploaded the certificate file to the SSL Certificates Service console, you can select the certificate. Otherwise, you must upload your own certificate and private key files. The following files are required:
- The public key file in the CRT format or the certificate file in the PEM format
- The private key file in the KEY format
Scenarios
You must upload the HTTPS certificate in the following scenarios:
- You select HTTPS when you add a domain name to Anti-DDoS Pro or Anti-DDoS Premium.
- You select HTTPS when you add a domain name to Anti-DDoS Pro or Anti-DDoS Premium and upload a certificate. You need to replace the uploaded certificate or update the certificate when it expires.
Procedure
- On the Website Config page, find the domain name for which you want to upload a certificate, and click
the upload icon in the Certificate Status column.
- In the Upload SSL Certificate and Private Key dialog box, set Upload Method and configure other parameters.You can use one of the following methods to upload your certificate:
- Select Existing Certificates (recommended)
If you have uploaded the certificate to SSL Certificates Service, you can select the certificate and upload it to Anti-DDoS Pro or Anti-DDoS Premium.
If you have not uploaded the certificate to SSL Certificates Service, you can click Go to the SSL Certificates console to upload your certificate. For more information about how to upload certificates to SSL Certificates Service, see Upload certificates.
- Manual UploadSpecify Certificate Name, copy and paste the content of the certificate file to the Certificate File field, and then copy and paste the content of the private key file to the Private Key field.
Note- If the certificate file is in the PEM, CER, or CRT format, you can use a text editor to open the certificate file and copy the file content. If the certificate file is in other formats, such as PFX and P7B, you must convert the file into the PEM format and use a text editor to open the file and copy the file content. For information about how to convert the format of a certificate file, see How do I convert an HTTPS certificate to the PEM format?.
- If the certificate file has multiple certificates, such as a certificate chain, you must concatenate the content of these certificates and copy the concatenated content to the Certificate File field.
Certificate file example-----BEGIN CERTIFICATE----- xxxxxxxxxxxxvs6MTXcJSfN9Z7rZ9fmxWr2BFN2XbahgnsSXM48ixZJ4krc+1M+j2kcubVpsE2cgHdj4v8H6jUz9Ji4mr7vMNS6dXv8PUkl/qoDeNGCNdyTS5NIL5ir+g92cL8IGOkjgvhlqt9vc65Cgb4mL+n5+DV9uOyTZTW/MojmlgfUekC2xiXa54nxJf17Y1TADGSbyJbsC0Q9nIrHsPl8YKkvRWvIAqYxXZ7wRwWWmv4TMxFhWRiNY7yZIo2ZUhl02SIDNggIEeg== -----END CERTIFICATE-----Private key file example-----BEGIN RSA PRIVATE KEY----- xxxxxxxxxxxxtZ3UKHJTRgNQmioPQn2bqdKHop+B/dn/4VZL7Jt8zSDGM9sTMThLyvsmLQKBgQCr+ujntC1kN6pGBj2Fw2l/EA/W3rYEce2tyhjgmG7rZ+A/jVE9fld5sQra6ZdwBcQJaiygoIYoaMF2EjRwc0qwHaluq0C15f6ujSoHh2e+D5zdmkTg/3NKNjqNv6xA2gYpinVDzFdZ9Zujxvuh9o4Vqf0YF8bv5UK5G04RtKadOw== -----END RSA PRIVATE KEY-----
- Select Existing Certificates (recommended)
- Click OK.After the certificate is uploaded, the Certificate Status becomes Normal.
If the certificate is updated, you must upload the updated certificate. To upload the certificate, log on to the Anti-DDoS Pro console, click Website Config, and then click the
icon next to the certificate to upload the updated certificate.
Warning If the certificate is updated but is not uploaded in the Anti-DDoS Pro or Anti-DDoS Premium console, HTTPS traffic cannot be forwarded to the origin server.