To add an HTTPS listener with one-way authentication, you only need to upload a server certificate to SLB when configuring the listener.

Step 1 Upload the server certificate

Before configuring the HTTPS listener (one-way authentication), you must buy a server certificate and upload the server certificate to the certificate management system of SLB. You no longer need to maintain the certificate on the backend server after uploading it to SLB.

  1. Log on to the SLB console.
  2. In the left-side navigation pane, click Certificates, and then click Create Certificate.
  3. Configure the server certificate as follows:
    • Regions: Select China (Hangzhou).
      Note The region of the certificate must be the same as that of the SLB instance to use the certificate.
    • Certificate Type: Select Server Certificate.
    • Certificate Content and Private Key: Copy the content and private key of the server certificate. Click Import Sample to view the valid certificate format. The certificate to be uploaded must be in the PEM format. For more information, see Certificate formats.

  4. Click OK.

Step 2 Configure the SLB instance

  1. Log on to the SLB console.
  2. On the Server Load Balancer page, click Create SLB Instance.
  3. Configure the instance and then click Buy Now.
    Note In this tutorial, the instance type is Internet and the region is China (Hangzhou). For more information, see Create an SLB instance.
  4. Go back to the Server Load Balancer page and select the China (Hangzhou) region.
  5. Click the ID of the created SLB instance or click Configure Listener.
  6. Click the Listeners tab and then click Add Listener.
  7. In the Protocol and Listener tab, configure the listener.
    • Select Listener Protocol: HTTPS
    • Listening Port: 443
    • Scheduling Algorithm: Round Robin (RR)


  8. Click Next. Under the SSL Certificates tab, select the uploaded server certificate.


  9. Click Next. On the displayed page, click Default Server Group and then click Add. Add ECS instances and set the backend port to 80.
  10. In the left-side navigation pane, click Servers > Backend Servers, and then click Add Backend Servers to add ECS instances.

Step 3 Test the SLB service

  1. Go back to the Server Load Balancer page to view the health check status.

    When the status is Normal, the backend servers can receive requests forwarded by SLB listeners.

  2. Enter the public IP of the Server Load Balancer instance in the web browser.