This topic describes how to upload a third-party certificate. You must obtain the public key or private key file of the certificate before you can upload a third-party certificate.

Prerequisites

Before you upload a third-party certificate, make sure that the following requirements are met:
  • A server certificate is purchased.
  • A CA certificate and a client certificate are generated. For more information, see Generate a CA certificate.

Procedure

  1. Log on to the CLB console.
  2. In the left-side navigation pane, choose CLB (Formerly Known as SLB) > Certificates.
  3. On the Certificates page, click Create Certificate.
  4. In the Create Certificate panel, select Upload Third-party Certificate.
  5. After you select Upload Third-party Certificate, configure the certificate.
    Parameter Description
    Certificate Name

    Enter a name for the certificate.

    The name must be 1 to 80 characters. The name can contain only letters, digits, hyphens (-), forward slashes (/), periods (.), underscores (_), and asterisks (*).

    Resource Group Select the resource group to which the certificate belongs.
    Certificate Type Select the type of certificate that you want to upload.
    • Server Certificate: For HTTPS one-way authentication, only the server certificate and the private key are required.
    • CA Certificate: For HTTPS mutual authentication, both the server certificate and the CA certificate are required.
    Public Key Certificate

    Paste the contents of the server certificate or CA certificate into the field. The public key certificate contains the public key and signature information.

    SLB instances use NGINX certificates obtained from a certificate provider. In most cases, NGINX certificates are suffixed with .pem, and some certificates may be suffixed with .crt.

    Click Example to view the valid certificate formats. For more information, see Certificate requirements.

    Private Key Paste the private key of the server certificate into the field. In most cases, NGINX certificates are obtained from a certificate provider and are suffixed with .key.

    Click Example to view the valid certificate formats. For more information, see Certificate requirements.

    SLB supports the following private key formats:
    -----BEGIN RSA PRIVATE KEY-----
    Private key (Base64 encoded)
    -----END RSA PRIVATE KEY-----
    and
    -----BEGIN EC PARAMETERS-----
    Private key (Base64 encoded)
    -----END EC PARAMETERS-----
    -----BEGIN EC PRIVATE KEY-----
    Private key (Base64 encoded)
    -----END EC PRIVATE KEY-----
    Notice
    • A private key is required only when you upload a server certificate.
    • Regions that support Elliptic Curve (EC) keys:
      • UK (London)
      • China (Qingdao)
      • China (Hohhot)
      • China (Chengdu)
      • Japan (Tokyo)
      • India (Mumbai)
      • Australia (Sydney)
      • Malaysia (Kuala Lumpur)
      • US (Silicon Valley)
      • US (Virginia)
      • Germany (Frankfurt)
      • UAE (Dubai)
    Region

    Select the region where you want to deploy the certificate.

    A certificate cannot be used across regions. If you want to use the certificate in multiple regions, select the regions where you want to use the certificate.

  6. Click Create.