All Products
Search
Document Center

Enable HTTPS

Last Updated: Feb 26, 2021

Hyper Text Transfer Protocol Secure (HTTPS) is a transmission protocol over which data is encrypted and transmitted. It is a secure version of HTTP. HTTPS uses SSL and TLS to encrypt data.

Benefits

You can enable HTTPS to encrypt the sensitive information in the data to be transmitted, such as your session ID or cookie, in order to prevent data leaks.

Data integrity verification is performed during data transmission to prevent man-in-the-middle (MITM) attacks, and protect DNS queries and data against hijacking and tampering.

ApsaraVideo Live supports HTTPS. You only need to enable HTTPS and then upload the HTTPS certificate and private key. In addition, you can view, enable, disable, and edit HTTPS certificates.

When your HTTPS certificate is valid and enabled, you can use both HTTP and HTTPS to visit your live streaming service. When your HTTPS certificate is invalid or disabled, you can only use HTTP to visit your live streaming service.

Restrictions and guidelines

HTTPS configuration

Function Description
Disable and Enable HTTPS After you disable HTTPS, HTTPS requests are not supported and no certificate or private key is retained. After you enable HTTPS, you must re-upload the HTTPS certificate and private key before enabling the HTTPS certificate.
View HTTPS certificates Due to sensitive information protection, you can only view HTTPS certificates. Private keys are not displayed. Make sure that your certificate and private key are inaccessible to others.
Modify HTTPS certificates You can modify HTTPS certificates. Use caution when you edit a certificate. After the certificate is modified, it takes up to one hour for the certificate to take effect.

HTTPS certificates

  • You must upload a certificate and private key for domain names that are enabled with HTTPS. HTTPS certificate and private key must be in the PEM format.

    Note ApsaraVideo Live uses Tengine, which is developed based on NGINX. Therefore, the certificate must be readable by NGINX. This means that the certificate must use the PEM format.

  • Only SSL and TLS handshakes containing the SNI information are supported.

  • The certificate that you upload must match the private key. Otherwise, a verification error occurs.

  • It takes one hour for an updated certificate to take effect.

  • Private keys with a password are not supported.

Procedure

Step 1. Purchase an HTTPS certificate.

To enable HTTPS, you must have an HTTPS certificate that matches your domain name. To purchase an HTTPS certificate, go to the SSL Certificates Service page and then click Buy Now.

Step 2. Configure a streaming domain name.

  1. Enable HTTPS.
    1. Log on to the ApsaraVideo Live console.
    2. Click Domain Management, select the streaming domain name that you need to enable HTTPS for, and click Configure .
    3. Click HTTPS Settings, click Change Settings under HTTPS Certificate .
    4. In HTTPS Setting, click the Enable HTTPS toggle. The Certificate Settings are displayed.
  2. Select an HTTPS certificate.

    ApsaraVideo Live supports two types of certificates.

    • Custom Certificate: You must set the certificate name and then upload the certificate and private key. The certificate is then saved in the Alibaba Cloud SSL Certificates console. You can view it on the My Certificates tab page.

    • Custom Certificate: You must set the certificate name and then upload the certificate and private key. The certificate is then saved in the Alibaba Cloud SSL Certificates console. You can view it on the My Certificates tab page.

    • Certificate Issued by Alibaba Cloud Security: Certificates issued by SSL Certificates Service of Alibaba Cloud Security. You can directly select a certificate for your domain name.

      Note Only certificates in the PEM format are supported.

  3. Set the redirect type.

    Click Change Settings under Redirect Type.

    Forcible redirect is supported. This function allows you to forcibly redirect requests.

    For example, if HTTP > HTTPS redirect is set and a user sends an HTTP request, the server returns a 302 redirect response. The original HTTP request is forcibly redirected to an HTTPS request.

    • Default: Both HTTP and HTTPS requests are supported.

    • HTTP > HTTPS: HTTP requests are forcibly redirected to HTTPS requests.

    • HTTPS > HTTP: HTTPS requests are forcibly redirected to HTTP requests.

Step 3. Verify the certificate.

After the certificate is enabled, you can access resources over HTTPS. If the https string in green color appears in the address bar of your browser, this means that an encrypted connection has been established to the website through HTTPS.