To let Alibaba Cloud WAF inspect HTTPS traffic for your web business, you must include HTTPS in the protocol type in website configuration, and upload a valid HTTPS certificate to WAF. If the certificate changes, you must update the certificate in the Alibaba Cloud WAF console in a timely manner.

Background information

If you have uploaded the certificate file to Alibaba Cloud SSL Certificate Service for integrated management, then in the following steps, you can reuse it directly instead of uploading it again.

Otherwise, you must have the certificate and private key files prepared, to complete the following operations.

In general, the following files are required:
  • *.crt (Public key) or *.pem (Certificate)
  • *.key (Private key)


  1. Log on to the Alibaba Cloud WAF console.
  2. On the top of the page, select the region: Mainland China, International.
  3. On the Management > Website Configuration page, locate the domain name to be operated, and click the Update Certificate button () next to the HTTPS Protocol Status.

  4. In the Update Certificate dialog box, select an Upload method.
    • If the HTTPS certificate to be uploaded is hosted in Alibaba Cloud SSL Certificate Service, you can check Select existing certificate and select it for upload.

    • Manual upload. Click Manual upload, enter a Certificate name, and paste the text context of the certificate file and private key file respectively to the Certificate file and Private key file boxes.
      • For certificates in general formats, such as PEM, CER, and CRT, you can open the certificate file directly by using a text editor tool to copy the text content. For certificates in other formats, such as PFX and P7B, convert the certificate file to the PEM format, and then copy the text content from the converted certificate file.
      • If the HTTPS certificate has multiple certificate files, such as a certificate chain file, merge the text contents from the multiple certificate files and paste them into the Certificate file box.
      Example of the text content of a certificate file:
      -----BEGIN CERTIFICATE-----
      -----END CERTIFICATE-----
      Example of the text content of a private key file:
      -----BEGIN RSA PRIVATE KEY-----
      -----END RSA PRIVATE KEY-----

  5. Click Save to complete the procedure.


The HTTPS protocol status displays as Normal.