HTTPS is an HTTP channel designed to enhance security. The integration of HTTPS into Dynamic Route for CDN (DCDN) secures content transmission, allowing clients to browse website content more securely and efficiently. This topic describes how different types of HTTPS certificates are validated and configured.

Prerequisites

You must purchase an advanced HTTPS certificate or apply for a free HTTPS certificate in the Alibaba Cloud Security console.

Background information

HTTPS certificate files must be in the PEM format. For more information about converting certificate files to the PEM format, see Certificate formats.

HTTPS secure acceleration is a value-added service. After you enable HTTPS, the service is charged based on the number of HTTPS requests that DCDN has received. You cannot use DCDN data transfer plans to offset this fee. For more information about HTTPS pricing, see Requests billing.

HTTPS certificates are categorized into the following types based on the levels of security and trust:
  • A domain validated (DV) certificate has a safe lock. It only authenticates the ownership of a domain, which includes the content of the specified files in the domain or the TXT records related to the domain.
  • An organization validated (OV) certificate is a standard SSL certificate that verifies the identity of an organization. An OV certificate provides more trust than a DV certificate, but the validation process is stricter and longer. OV certificates are typically used in the e-commerce, education, and gaming sectors.
  • An extended validation (EV) certificate follows the guidelines maintained by the Certification Authority Browser Forum, also known as the CA/Browser Forum. EV certificates are SSL certificates of the highest security level. Each EV certificate is identified by an object identifier (OID), which is a complete enterprise name. EV certificates are widely used in sectors such as financial payment and online banking.

Procedure

  1. Log on to the Dynamic Route for CDN console.
  2. In the left-side navigation pane, click Domain Names.
  3. On the Domain Names page, find the target domain name and click Configure.
  4. In the left-side navigation pane of the specified domain, click HTTPS Settings.
  5. In the HTTPS Certificate section, click Modify.
  6. In the HTTPS Settings dialog box, click the SSL Acceleration switch to enable the feature and set the required HTTPS certificate parameters.
    After you enable HTTPS secure acceleration, the system displays a message to indicate that HTTPS acceleration is charged independently. You can confirm whether to enable this feature based on your actual needs. For more information about HTTPS pricing, see Requests billing.
    Parameter Description
    Certificate Type
    • Alibaba Cloud Security

      You can apply for a free certificate or purchase an advanced certificate in the SSL Certificates Service console.

    • Custom

      If you cannot find a suitable certificate from SSL Certificates Service, upload a custom certificate. To upload a custom certificate, you need to enter a certificate name, and upload the certificate content and private key. The uploaded certificate will be saved to SSL Certificates Service. You can check the certificate on the SSL Certificates page.

    • Free Certificate
      Free Digicert DV certificates provided by Alibaba Cloud. Free certificates are used only for HTTPS secure acceleration. You cannot manage free certificates or view their public and private keys in the SSL Certificates Service console.
      • It takes 5 to 10 minutes to apply for a free certificate. During this period, you can also choose to upload a custom certificate or select a certificate from Alibaba Cloud SSL Certificates Service.
      • Free certificates are valid for one year and are automatically renewed upon expiration.
      • You do not need to apply for a new certificate each time you enable HTTPS secure acceleration. You must apply for a new certificate only if the current one has expired.

    You can change the certificate between an Alibaba Cloud certificate, a custom certificate, and a free certificate.

    Certificate Name When Certificate Type is set to Alibaba Cloud Security or Custom, you must enter the certificate name.
    Content When Certificate Type is set to Custom, you must enter the certificate content. For more information, click Pem Code Example under the Content field.
    Private Key When Certificate Type is set to Custom, you must enter the private key. For more information, click Pem Code Example under the Private Key field.
    HTTPS Certificate
  7. Click OK.

    You can disable, enable, and modify an HTTPS certificate. After an HTTPS certificate is disabled, the system deletes the certificate information. To enable the HTTPS certificate again, you must re-upload the certificate or private key.

  8. Verify that the HTTPS certificate takes effect.

    An updated HTTPS certificate takes effect on the entire network within one minute. To verify that the HTTPS certificate takes effect, send HTTPS requests to access resources. If the URL in the address bar of the browser displays https in green, HTTPS secure acceleration is working.

    Verify the result