All Products
Search
Document Center

Server Load Balancer:Upload a third-party certificate

Last Updated:Nov 08, 2023

This topic describes how to upload a third-party certificate. Before you upload a third-party certificate, you must obtain the public key or private key file of the certificate.

Prerequisites

Before you upload a third-party certificate, make sure that the following requirements are met:

  • A server certificate is purchased.

  • A certificate authority (CA) certificate and a client certificate are generated. For more information, see Generate a CA certificate.

Limits

You can create up to 100 certificates for each Alibaba Cloud account.

Procedure

  1. Log on to the CLB console.
  2. In the left-side navigation pane, choose CLB (FKA SLB) > Certificates.

  3. On the Certificates page, click Add Certificate.

  4. In the Add Certificate panel, select Third-party Certificates, configure the following parameters, and then click Create.

    Parameter

    Description

    Certificate Name

    Enter a name for the certificate.

    Certificate Type

    Select the type of certificate that you want to upload.

    • Server Certificate: For HTTPS one-way authentication, only the server certificate and the private key are required.

    • CA Certificate: For HTTPS mutual authentication, the server certificate and the CA certificate are required.

    Public Key Certificate

    Paste the content of the server certificate or CA certificate to the field. The public key certificate contains information about the public key and the signature.

    Classic Load Balancer (CLB) instances use NGINX certificates obtained from a certificate provider. In most cases, NGINX certificates are suffixed with .pem, and some certificates may be suffixed with .crt.

    Click View Sample to view valid certificate formats. For more information, see Certificate requirements.

    Private Key

    Paste the private key of the server certificate to the field. In most cases, NGINX certificates are obtained from a certificate provider and are suffixed with .key.

    Click View Sample to view valid certificate formats. For more information, see Certificate requirements.

    Important

    A private key is required only if you upload a server certificate.

    Region

    Select the region where you want to deploy the certificate.

    You cannot use a certificate in regions where the certificate is not deployed. If you want to use the certificate in multiple regions, select the regions where you want to use the certificate.

    Resource Group

    Select the resource group to which the certificate belongs.

    Tag

    Select or enter a tag key and a tag value.