All Products
Search
Document Center

Dynamic Content Delivery Network:Configure an SSL certificate

Last Updated:Feb 20, 2024

Dynamic Content Delivery Network (DCDN) supports HTTPS secure acceleration. You can upload a custom SSL certificate or select an SSL certificate from Certificate Management Service in the DCDN console. If you want to enable HTTPS to ensure the security of data transmission, SSL certificates are required. This topic describes how to configure and renew an SSL certificate.

Prerequisites

  • If you want to purchase an SSL certificate, you can log on to the Certificate Management Service console to purchase a certificate from a certificate authority (CA).

  • Certificates that are issued by third-party certificate authorities (CAs) must meet the certificate format requirements. For more information, see Certificate formats.

Background information

Only SSL certificates that are in the Privacy Enhanced Mail (PEM) format are supported. If your SSL certificate is not in the PEM format, you need to convert the certificate to the PEM format. For more information, see Certificate formats.

Note
  • The CRT file name extension is short for certificate. The certificate may be in the PEM or Distinguished Encoding Rules (DER) format. Before you convert the format of a certificate, check whether you need to convert the certificate into other formats.

  • PEM is a text format. It starts with " -----BEGIN ***-----" and ends with "-----END ***-----". The content between these lines is Base64-encoded. The certificate and the private key can be saved in this format. To distinguish a certificate from a private key, the extension of a private key file that is in PEM format is .key.

Step 1: Configure or renew an SSL certificate

HTTPS secure acceleration is a value-added service. After you enable HTTPS, you are charged based on the number of HTTPS requests. You cannot use DCDN data transfer plans to offset fees. For information about the pricing of HTTPS secure acceleration, see Billing of HTTPS and HTTP requests.

  1. Log on to the DCDN console.

  2. In the left-side navigation pane, click Domain Names.

  3. On the Domain Names page, find the domain name whose acceleration region you want to change and click Configure.
  4. In the left-side navigation tree of the domain name, click HTTPS Settings.

  5. In the SSL Certificate section, click Modify.

  6. In the HTTPS Settings dialog box, turn on SSL Acceleration.

    After you turn on SSL Acceleration, the system prompts that you will be charged for using HTTPS. You can choose to enable or disable HTTPS based on your business requirements. For more information about HTTPS pricing, see Billing of HTTPS and HTTP requests.

  7. Configure the parameters.

    HTTPS Settings

    Parameter

    Description

    Certificate Source

    Certificate Source has two options. You can switch between the two options based on your business requirements.

    • If you have purchased a certificate from Alibaba Cloud Certificate Management Service, set the Certificate Source parameter to SSL Certificates Service and select the purchased certificate from the Certificate Name drop-down list.

    • If you use a certificate that is issued by a third-party CA, set the Certificate Source parameter to Custom Certificate (Certificate+Private Key). After you configure the Certificate Name parameter, configure the Certificate (Public Key) and Private Key parameters.

    Certificate Name

    Enter a name for the certificate that you want to upload.

    The name can contain letters, digits, periods (.), underscores (_), and hyphens (-).

    Note
    • A certificate name must be unique. You can view existing certificates on the SSL Certificates page.

    • If the system prompts that the certificate already exists, change the certificate name and re-upload the certificate.

    Certificate (Public Key)

    If you set the Certificate Source parameter to Custom Certificate (Certificate + Private Key), you need to configure the Certificate (Public Key) and Private Key parameters. For more information, see PEM Encoding Reference below the Certificate (Public Key) and Private Key fields.

    Private Key

  8. Click OK.

Check whether HTTPS secure acceleration takes effect

After you upload an SSL certificate, the certificate takes effect within 1 minute. To check whether the SSL certificate takes effect, you can send HTTPS requests to access resources. If the URL is displayed with a lock icon in the address bar of the browser, HTTPS secure acceleration is working as expected.验证结果

After you configure an SSL certificate, take note of the expiration time of the certificate. You need to configure a new certificate before the certificate expires.

Step 3: Disable HTTPS secure acceleration

If you no longer require HTTPS secure acceleration, you can disable HTTPS secure acceleration in the DCDN console. HTTPS secure acceleration is immediately disabled after you turn off the switch.