HTTPS is used for secure communication over networks. In simple terms, HTTPS is a secure version of HTTP, that is, HTTP is encapsulated by SSL or TLS protocol. The security foundation of HTTPS is SSL or TLS.
Advantages of HTTPS acceleration
The key information of users is encrypted during transmission to prevent security risks such as sensitive information leakage caused by session ID or cookie content being captured by attackers.
Data integrity is verified during transmission to prevent DNS or content from being hijacked and tampered with by third-party man-in-the-middle attacks (MITM).
Alibaba Cloud Live provides an HTTPS Secure CDN solution. You only need to upload the certificate or private key of the accelerated domain name after the Secure CDN mode is enabled. You can also view, disable, enable, and edit the certificate.
The certificate is correctly configured and open. Both HTTP access and HTTPS access are supported. If the certificate does not match or the certificate is disabled, only HTTP access is supported.
Usage notes
Configurations
Module | Description |
Disable and Enable HTTPS | After Disable, HTTPS requests are not supported and the certificate or private key information is no longer retained. If you Enable and enable the certificate again, you must upload the certificate or private key again. |
View a certificate | You can view a certificate. However, you cannot view a private key because it is sensitive. Keep your certificate information safe. |
Change or edit a certificate | You can modify and edit certificates, but note that the effective time is 5 minutes. Proceed with caution. |
Certificate management
ApsaraVideo Live supports two types of certificate deployment: Alibaba Cloud Security certificates and own certificates.
For accelerated domain names for which the HTTPS Secure CDN feature is enabled, you must upload a certificate, including the certificate or private key, in the PEM format.
ApsaraVideo Live uses NGINX-based Tengine Web Server. Therefore, ApsaraVideo Live supports only PEM certificates that can be read by NGINX.
Only SSL or TLS handshakes with SNI information are supported.
The uploaded certificate must match the private key. Otherwise, the certificate and private key fail the verification.
The validity period of the certificate update is 5 minutes.
The system does not support the private keys for which passwords are configured.
Procedure
Step 1: Purchase a certificate
To enable the HTTPS Secure CDN, you must have a certificate that matches the accelerated domain name. You can click Buy Now on the Alibaba Cloud Security Certificates Service page to purchase a certificate. If you own a certificate, you do not need to purchase it.
Step 2: Configure the live domain
Open the HTTPS Secure CDN.
Log on to the ApsaraVideo Live console.
Click Domain Names, select the ingest domain name for which you want to configure HTTPS Secure CDN, and then click Domain Configuration.
Click HTTPS Configuration and turn on HTTPS Certificate.
Select a certificate.
Alibaba Cloud Live supports two types of certificate deployment.
Alibaba Cloud Certificate: supports certificates purchased in Alibaba Cloud Security Certificates Service. You can directly select the name of the certificate to adapt to the accelerated domain name.
Self-owned certificate: You must specify the certificate name and upload the certificate content and private key. The certificate is saved in the Alibaba Cloud Security Certificates console. You can view the certificate in the My Certificates section.
Only the certificate format of PEM is supported.
3.Set the redirect type.
Click Change Settings on the right of Force Redirect. 
You can set forced redirection to customize the original request method of the user.
For example, after HTTP > HTTPS redirect is enabled, the user initiates an HTTP request, the server returns a 302 redirect response, and the original HTTP request is forcibly redirected to an HTTPS request.
Default: Compatible with HTTP and HTTPS requests.
HTTP > HTTPS redirect: User requests are forcibly redirected to HTTPS requests.
HTTPS > HTTP redirect: The user's request is forcibly redirected to an HTTP request.
Step 3: Verify that the certificate takes effect
After a certificate is uploaded, it takes effect within 1 minute. To verify that the HTTPS certificate takes effect, send HTTPS requests to access resources. If the URL is displayed with a lock icon in the address bar of the browser, HTTPS secure acceleration is working as expected.