HTTPS secure acceleration configuration

Last Updated: Jan 26, 2018

Function overview

Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) is a security-focused version of the normal HTTP channel. It encapsulates HTTP in the SSL/TLS protocol, which serves as its security base.

Advantages of HTTPS acceleration

Key user data is encrypted during transmission to prevent leakage of sensitive information, such as session IDs or cookies, that attackers could use maliciously.

Data integrity is verified during transmission to guard against man-in-the-middle (MITM) risks, such as DNS or content being hijacked or tampered with by an unverified third party.

Alibaba Cloud ApsaraVideo Live provides HTTPS secure acceleration schemes. You must enable the secure acceleration mode and then upload the certificate/private key of the CDN domain. The ApsaraVideo Live console also supports viewing, disabling, enabling, and editing the certificates.

If the certificate is configured correctly and enabled, both HTTP access and HTTPS access are supported. If the certificate does not match or is disabled, only HTTP access is supported.

Notes

Configuration restrictions

Feature | Description
Disable and Enable HTTPS status | Disable: No HTTPS requests are supported and no certificate/private key information is retained. Enable: You must re-upload the certificate/private key to enable the certificate again.
View certificate | It allows you to view the certificate only. Viewing private key information is not supported.
Modify and edit certificate | Modification and editing of the certificate are supported, but the effective period for performing these operations is 1 hour. Perform the operation with caution.

Certificate restrictions

  • The certificate and private key of a CDN domain for which HTTPS secure acceleration is enabled must be uploaded. Both the certificate and private key must be in PEM format.

    Note: Tengine used in ApsaraVideo Live is based on Nginx, which means certificates that can be read by Nginx are supported (the certificates must be in PEM format).

  • Only SSL/TLS handshakes containing SNI information are supported.

  • The certificate and private key that you upload must have a one-to-one correspondence with each other; otherwise, the verification fails.

  • The effective period of the updated certificate is 1 hour.

  • Private keys with a password are not supported.
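
As an added example (not part of the original documentation or any Alibaba Cloud tooling), the shell function below checks a certificate/private key pair against the restrictions above before upload: PEM format, no password on the key, and one-to-one correspondence. It assumes the openssl command-line tool is installed; the function names, exit codes and the live.example.com subject are this example's own.

```sh
#!/bin/sh
# Added example: pre-upload check for the certificate restrictions listed above.
# Requires the openssl CLI. Function names and exit codes are this example's own.

# check_pair CERT KEY
#   0 ok | 2 certificate not PEM | 3 key not PEM | 4 key has a password | 5 mismatch
check_pair() {
    cert=$1
    key=$2

    # Certificate: PEM armour must be present and the body must parse as X.509.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" ||
        { echo "certificate is not in PEM format"; return 2; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "certificate does not parse as X.509"; return 2; }

    # Private key: reject encrypted PEM before openssl can prompt for a password.
    # Covers PKCS#8 ("ENCRYPTED PRIVATE KEY") and legacy ("Proc-Type: 4,ENCRYPTED").
    if grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$key"; then
        echo "private key is password protected"; return 4
    fi
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "private key is not in PEM format"; return 3; }
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null </dev/null) ||
        { echo "private key does not parse"; return 3; }

    # One-to-one correspondence: the public key inside the certificate must equal
    # the public key derived from the private key.
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate and private key do not match"; return 5; }
    echo "ok: PEM certificate and unencrypted PEM key match"
}

# make_constructed_pair DIR NAME: throwaway self-signed pair for trying the check.
# The subject name is a constructed placeholder, not a domain from the page.
make_constructed_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=live.example.com" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Stand-alone use: sh check_pair.sh cert.pem key.pem
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```

The check covers only the format and pairing restrictions; it does not confirm that the certificate matches the CDN domain or chains to a trusted CA.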

Configuration guide

Step 1. Buy a certificate.

To enable HTTPS secure acceleration, you must have a certificate that matches the CDN domain. Click Buy Now at the Alibaba Cloud Certificates Service to buy a certificate.

Step 2. Configure the live video domain name.

  1. Enable HTTPS secure acceleration.

    1. Log on to the ApsaraVideo Live console.

    2. Select the region in Domains.

    3. Select the domain name and click Detail on the right side.

    4. Click Base Information > Settings to perform HTTPS Settings.

    5. Click HTTPS secure acceleration to go to the setting page, and then enable Certificate Status.

  2. Select a certificate.

    Alibaba Cloud ApsaraVideo Live supports two types of certificates for deployment.

    • Self-owned certificate: You must set the certificate name and then upload the certificate content and private key. The certificate is then saved in the Alibaba Cloud SSL Certificates console. You can view it under the My Certificates tab.

    • Alibaba Cloud certificate: Certificates purchased from the Alibaba Cloud Certificates Service are supported. You can select a certificate name to adapt to the CDN domain.

      NOTE: Only certificates in PEM format are supported.

  3. Set the redirection type.

    Forced redirection is supported: The system forces redirection of the users’ original request methods by default.

    For example, if HTTP > HTTPS redirection is enabled and a user initiates an HTTP request, the server returns a 302 redirect response and the original HTTP request is forcibly redirected to HTTPS.

    • Default: HTTP and HTTPS requests are compatible.

    • HTTP > HTTPS redirect: Users’ HTTP requests are forcibly redirected to HTTPS requests.

    • HTTPS > HTTP redirect: Users’ HTTPS requests are forcibly redirected to HTTP requests.

Step 3. Verify whether the certificate has taken effect.

You can access resources over HTTPS once the settings are completed and the certificate is active. If a green HTTPS mark appears in your browser, a private connection is established with the website and HTTPS secure acceleration is in effect.
