HTTPS is an extension of HTTP that enhances security. Enabling HTTPS in Dynamic Route for CDN (DCDN) secures content transmission, so that clients can browse data securely and efficiently while retaining fast access to website content. This topic describes how to validate and configure different types of HTTPS certificates.

Background information

HTTPS certificate files must be in the Privacy Enhanced Mail (PEM) format. For more information about how to convert certificate files from various formats to the PEM format, see Certificate formats.

The HTTPS feature is a value-added service. After you enable HTTPS, you are billed for the service based on the number of HTTPS requests that DCDN has received. You cannot use DCDN resource packages to deduct the charges of the service. For more information about HTTPS pricing, see Requests billing.

HTTPS certificates are categorized into the following types based on the levels of security and trust:
  • A domain validated (DV) certificate has a safety lock. It verifies only the ownership of a domain name, by checking either a specified file of the domain name or the TXT record of the domain name.
  • An organization validated (OV) certificate is a standard SSL certificate that verifies the identity of an organization. An OV certificate provides more trust than a DV certificate, but the validation process is stricter and longer. OV certificates are typically used in the e-commerce, education, and gaming sectors.
  • An extended validation (EV) certificate follows the guidelines maintained by the Certification Authority Browser Forum, also known as the CA/Browser Forum. EV certificates are SSL certificates of the highest security level. Each EV certificate is identified by an object identifier (OID), which is a complete enterprise name. EV certificates are widely used in sectors such as financial transactions and online banking.

Procedure

  1. Log on to the DCDN console.
  2. In the left-side navigation pane, click Domain Names.
  3. On the Domain Names page, find the domain name that you want to manage, and click Configure in the Actions column.
  4. In the left-side navigation pane on the details page of the specified domain, click HTTPS Settings.
  5. In the HTTPS Certificate section, click Modify.
  6. In the HTTPS Settings dialog box, turn on SSL Acceleration.

    After you turn on SSL Acceleration, the system displays a message to indicate that you are separately billed for the HTTPS feature. You can enable this feature based on your business needs. For more information about HTTPS pricing, see Requests billing.

  7. In the dialog box that appears, select the check box and click Confirm.
  8. On the HTTPS Settings page, specify the following certificate parameters.
    Parameter Description
    Certificate Source:
    • SSL Certificates Service

      You can apply for certificates of various providers and types in the SSL Certificates Service console.

    • Custom Certificate (Certificate + Private Key)

      If you cannot find a certificate that meets your requirements from the certificate list, upload a custom certificate. You must enter the certificate name, the public key, and the private key of the certificate. The certificate is saved to SSL Certificates Service. You can view information about the certificate in the SSL Certificates Service console.

    • Free Certificate
      Free certificates are used only for HTTPS acceleration. You cannot manage free certificates or view the public or private keys of free certificates in the SSL Certificates Service console.
      • A free certificate is issued within one to two business days after you apply for it. During this period of time, you can also upload a custom certificate or select a certificate from Alibaba Cloud SSL Certificates Service.
        Note: After you submit the application, the certificate may be issued within several hours or two business days. The amount of time it takes depends on the verification process that is required by the certificate authority.
      • A free certificate is valid for one year. Before it expires, you do not need to apply for a new certificate each time you enable HTTPS acceleration. If the free certificate expires, you must apply for a new one.

    You can switch between certificates from SSL Certificates Service, custom certificates, and free certificates.

    Certificate Name: You must specify the certificate name if you set Certificate Source to SSL Certificates Service or Custom Certificate (Certificate + Private Key).
    Certificate (Public Key): This parameter is required if you set Certificate Source to Custom Certificate (Certificate + Private Key). For more information, see PEM Encoding Reference below the Certificate (Public Key) field.
    Private Key: This parameter is required if you set Certificate Source to Custom Certificate (Certificate + Private Key). For more information, see PEM Encoding Reference below the Private Key field.
  9. Click OK.
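
The following pre-upload check is an added example, not part of the original documentation or of any Alibaba Cloud tooling: it inspects the text destined for the Certificate (Public Key) and Private Key fields in step 8 and flags non-PEM input, a block pasted into the wrong field, and truncated pastes. The accepted block labels and the field names `certificate` and `private_key` are assumptions made for this example, and the sample data is constructed placeholder bytes rather than a real certificate.

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
# Assumption: block labels expected in each console field (not taken from the page).
EXPECTED = {"certificate": {"CERTIFICATE"},
            "private_key": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}}

def der_is_complete(der):
    """True if der is a single DER SEQUENCE whose declared length fits exactly."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short form: one length byte
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                       # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_pem_field(text, field):
    """Return a list of problems found in the text pasted into one field."""
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        return ["no PEM block found; convert the file to PEM first"]
    problems = []
    for label, body in blocks:              # a chain yields several blocks
        if label not in EXPECTED[field]:
            problems.append(f"unexpected {label} block in {field} field")
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error:
            problems.append(f"{label}: body is not valid base64")
            continue
        if not der_is_complete(der):
            problems.append(f"{label}: DER is truncated or has trailing data")
    return problems

def fake_pem(label, der):
    """Wrap constructed bytes in PEM armour (sample data, not a real certificate)."""
    return f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}-----END {label}-----\n"

SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)   # constructed placeholder SEQUENCE
if __name__ == "__main__":
    print(check_pem_field(fake_pem("CERTIFICATE", SAMPLE_DER), "certificate"))
    print(check_pem_field(fake_pem("RSA PRIVATE KEY", SAMPLE_DER), "certificate"))
    print(check_pem_field(fake_pem("CERTIFICATE", SAMPLE_DER[:100]), "certificate"))
```

This is a structural check only: it does not confirm that the private key belongs to the certificate or that the certificate is within its validity period.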

What to do next

After an SSL certificate is uploaded, it takes effect within one minute. To verify that the SSL certificate takes effect, send HTTPS requests to access resources. If the URL is displayed with a lock icon in the address bar of the browser, HTTPS secure acceleration is working as expected.