Dynamic Route for Content Delivery Network (DCDN) supports Hypertext Transfer Protocol Secure (HTTPS) acceleration. You can upload a custom certificate or select a certificate from Alibaba Cloud SSL Certificates Service in the DCDN console. The certificate ensures data security during transmission. This topic describes how to configure or update an HTTPS certificate for multiple domain names at a time.

Background information

HTTPS is an HTTP channel that is designed to enhance security. The integration of HTTPS into DCDN secures content transmission. This allows clients to browse website content in a secure and efficient manner.

SSL certificate files must be in the PEM format. For more information about how to convert certificate files to the PEM format, see Certificate formats.

HTTPS acceleration is a value-added service. After you enable HTTPS, the service is charged based on the number of HTTPS requests that DCDN has received. You cannot use DCDN data transfer plans to offset the fee. For more information about the HTTPS pricing, see Requests billing.

Procedure

  1. Log on to the Dynamic Route for CDN console.
  2. In the left-side navigation pane, click Tools. Then, click Certificate Center.
  3. On the Certificate Center page, click Add Certificate.
  4. On the Add Certificate pane, set the certificate parameters.
    Parameter Description
    Certificate Source
    • SSL Certificates Service

      You can apply for certificates of various providers and types in the SSL Certificates Service console.

    • Custom Certificate (Certificate + Private Key)

      If you cannot find a certificate that meets your requirements from the certificate list, upload a custom certificate. You must enter the certificate name, the public key, and the private key of the certificate. The certificate is saved to SSL Certificates Service. You can view information about the certificate in the SSL Certificates Service console.

    • Free Certificate
      Free certificates are used only for HTTPS acceleration. You cannot manage free certificates or view the public or private keys of free certificates in the SSL Certificates Service console.
      • A free certificate is issued within one to two business days after you apply for it. During this period of time, you can also upload a custom certificate or select a certificate from Alibaba Cloud SSL Certificates Service.
        Note After you submit the application, the certificate may be issued within several hours or two business days. The amount of time it takes depends on the verification process that is required by the certificate authority.
      • A free certificate is valid for one year. Before it expires, you do not need to apply for a new certificate each time you enable HTTPS acceleration. If the free certificate expires, you must apply for a new one.

    You can switch between certificates from SSL Certificates Service, custom certificates, and free certificates.

    Certificate Name You must specify the certificate name if you set Certificate Source to SSL Certificates Service or Custom Certificate (Certificate + Private Key).
    Certificate (Public Key) This parameter is required if you set Certificate Source to Custom Certificate (Certificate + Private Key). For more information, see PEM Encoding Reference below the Certificate (Public Key) field.
    Private Key This parameter is required if you set Certificate Source to Custom Certificate (Certificate + Private Key). For more information, see PEM Encoding Reference below the Private Key field.
  5. Click Next.
  6. Associate domain names with the certificate.
    Note If you use a certificate from SSL Certificates Service or a custom certificate, you can associate multiple domain names with the certificate at a time. If you use a free certificate, you can associate only one domain name with the certificate.
  7. Click OK to deploy or update the certificate.

What to do next

After a certificate is uploaded, it takes effect within one minute. To verify that the HTTPS certificate takes effect, send HTTPS requests to access resources. If the URL is displayed with a lock icon in the address bar of the browser, HTTPS secure acceleration is working as expected.Verify the settings

Related API operations

You can call the related API operation to configure or update the certificate of a domain name. For more information, see SetDcdnDomainCertificate.
Note If you want to update the certificates of multiple domain names, call this operation multiple times.