To use a custom domain name to access OSS resources over HTTPS, you must purchase an SSL certificate. You can purchase an SSL certificate from any certificate authority (CA) or from Alibaba Cloud SSL Certificates Service and host your certificate in OSS.

Host your certificate in one of the following methods based on your actual condition:

Host a certificate for a custom domain name

If you have bound a custom domain name to your bucket as instructed in Bind a custom domain name, perform the following steps to host your certificate in the OSS console:

  1. Log on to the OSS console.
  2. Click Buckets, and then click the name of the target bucket.
  3. Choose Transmission > Domain Names.
  4. On the Domain Names tab that appears, click Upload Certificate in the Actions column corresponding to the domain name for which you want to upload an SSL certificate.
  5. In the Upload Certificate dialog box that appears, enter the public key and private key used in your certificate.
    Note You can select Show PEM Encoding Example to view examples of the public key and private key. For more information about the certificate format, see Overview of certificate formats.
  6. Click Upload.

Host a certificate for an accelerated domain name

If you have bound an accelerated domain name to your bucket as instructed in Bind an accelerated domain name, perform the following steps to host your certificate in the CDN console:

  1. Log on to the Alibaba Cloud CDN console.
  2. Click Domain Names. On the page that appears, click Manage in the Actions column corresponding to the domain name for which you want to upload an SSL certificate.
  3. Choose HTTPS > Modify.
  4. In the Modify HTTPS Settings dialog box that appears, turn on HTTPS Secure Acceleration.
  5. Set Certificate Type.

    You can select Alibaba Cloud Certificate, Custom, or Free Certificate. Your certificate files must be in the PEM format.

    • Alibaba Cloud Certificate: Select your SSL certificate.
    • Custom: You must set the certificate name, and then upload the certificate content and private key. The uploaded certificate is stored in Alibaba Cloud SSL Certificates Service. You can view the certificate in the SSL Certificates Service console.
    • Free Certificate: Use the free Digicert DV SSL certificate provided by Alibaba Cloud. Free certificates are used only for the HTTPS Secure Acceleration service of CDN. Therefore, you cannot manage free certificates or view their public and private keys in the Alibaba Cloud Security console. A free certificate takes effect after about 10 minutes.
  6. Click OK.

    A purchased certificate takes effect after about an hour. You can access OSS resources over HTTPS. If https is displayed in green in the address bar of the browser, the SSL certificate is in effect.