Before you upload a third-party certificate, you must obtain the public and private key file of the certificate.

Prerequisites

Before you upload a third-party certificate, make sure that the following conditions are met:
  • A server certificate is purchased.
  • A CA certificate and a client certificate are generated. For more information, see Generate a CA certificate.

Procedure

  1. Log on to the Server Load Balancer console.
  2. In the left-side navigation pane, choose Certificates.
  3. Click Create Certificate.
  4. On the Create Certificate page, select Upload Third-Party Certificate.

    Create a certificate
  5. Click Next. On the Upload Third-Party Certificate page, upload the certificate.
    Configuration Description
    Certificate Name

    Enter a name for the certificate to be uploaded.

    The name must be 1 to 80 characters in length, and can only contain letters, numbers, and the following special characters:

    _ / . -

    Regions

    Select one or more regions to which the certificate to be uploaded belongs.

    A certificate cannot be used across regions. If you need to use a certificate in multiple regions, select all the required regions.

    Certificate Type Select the type of the certificate to be uploaded:
    • Server Certificate: For HTTPS one-way authentication, only the server certificate and the private key are required.
    • CA Certificate: For HTTPS mutual authentication, both the server certificate and the CA certificate are required.
    Certificate Content

    Paste the certificate content into the text editor.

    Click View Sample Certificate to view the valid certificate formats. For more information, see Certificate requirements.

    Private Key Paste the private key of the server certificate into the text editor.

    Click View Sample Certificate to view the valid certificate formats. For more information, see Certificate requirements.

    SLB supports the following two private key formats:
    -----BEGIN RSA PRIVATE KEY-----
    Private key content (BASE64 encoding)
    -----END RSA PRIVATE KEY-----
    or
    -----BEGIN EC PARAMETERS-----
    Private key content (BASE64 encoding)
    -----END EC PARAMETERS-----
    -----BEGIN EC PRIVATE KEY-----
    Private key content (BASE64 encoding)
    -----END EC PRIVATE KEY-----
    Notice
    • A private key is required only when you upload a server certificate.
    • Currently, keys in the EC format are supported in the following regions:
      • UK (London)
      • China (Qingdao)
      • China (Hohhot)
      • China (Chengdu)
      • Japan (Tokyo)
      • India (Mumbai)
      • Australia (Sydney)
      • Malaysia (Kuala Lumpur)
      • US (Silicon Valley)
      • US (Virginia)
      • Germany (Frankfurt)
      • UAE (Dubai)
  6. Click OK.