To configure an HTTPS listener for one-way authentication, you need only to upload a server certificate.

Step 1: Upload a server certificate

Before you configure an HTTPS listener for one-way authentication, you must purchase a server certificate and upload the server certificate to the certificate management system of Classic Load Balancer (CLB). You do not need to configure the backend Elastic Compute Service (ECS) instances.

  1. Log on to the CLB console.
  2. In the left-side navigation pane, click Certificates. Then, click Create Certificate.
  3. Select Certificate Source: Upload Third-party Certificate
  4. Set the following parameters:
    • Certificate Name: The name must be 1 to 80 characters in length and can contain letters, digits, hyphens (-), forward slashes (/), periods (.), underscores (_), and asterisks (*).
    • Region: Select China (Hangzhou).
      Note The region that you select must be the same as the region where the CLB instance is deployed.
    • Certificate Type: Select Server Certificate.
    • Public Key Certificate and Private Key: Paste the content of the server certificate and the private key in the fields. You can click Example to view the valid certificate formats. The certificate that you want to upload must be in the PEM format. For more information, see Certificate requirements.
  5. Click OK.

Step 2: Configure a CLB instance

  1. Log on to the CLB console.
  2. On the Instances page, click Create CLB.
  3. Set the required parameters, click Buy Now, and then complete the payment.
    Set Instance Type to Internet and Region to China (Hangzhou). For more information, see Create a CLB instance.
  4. Go back to the Instances page and select the China (Hangzhou) region.
  5. Find the CLB instance that you created and click its ID or click Configure Listener in the Actions column.
  6. On the Listener tab, click Add Listener.
  7. For Protocol and Listener, set the following parameters:
    • Select Listener Protocol: Select HTTPS.
    • Listening Port: Enter 443.
    • Scheduling Algorithm: Select Round-Robin (RR).
  8. Click Next. For SSL Certificates, select the server certificate that you uploaded and a TSL security policy.
  9. Click Next. For Backend Servers, click Default Server Group and click Add More. Add ECS instances and set the port to 80.
  10. Use the default values for other parameters and click Next. For Confirm, click Submit.

Step 3: Test the CLB service

  1. Go back to the Instances page and view the health check status.

    If Normal is displayed, this indicates that the backend servers can receive requests.

  2. Enter the public IP address of the CLB instance in your browser.