Alibaba Cloud CDN supports HTTPS secure acceleration. You can upload a custom SSL certificate or select an SSL certificate from Certificate Management Service in the Alibaba Cloud CDN console. SSL certificates are required if you want to enable HTTPS to ensure the security of data transmission. This topic describes how to configure and renew an SSL certificate.
Prerequisites
- An SSL certificate is prepared. If you want to purchase an SSL certificate, you can log on to the Certificate Management Service console to apply for a free certificate or purchase a certificate from a certificate authority (CA).
- If you want to use a custom certificate, it must be in a valid format. For more information, see Certificate formats.
Background information
SSL certificates are classified into different types based on vetting and verification requirements. Different types provide different levels of security and are suitable for different websites. For more information, see Supported certificate types.
PEM
format are supported. If your SSL certificate is not in PEM
format, you must convert it to PEM
. For more information, see Convert certificate formats.
- The CRT file extension is short for certificate. The certificate may be in PEM or Distinguished Encoding Rules (DER) format. Before you convert the format of a certificate, check whether the certificate needs to be converted into other formats.
- PEM is a text format. It starts with " -----BEGIN ***-----" and ends with "-----END
***-----". The content between these lines is encoded in Base64. Both the certificate
and private key can be saved in this format. To distinguish a certificate from a private
key, the extension of a private key file that is in PEM format is
.key
.
Step 1: Configure or renew an SSL certificate
HTTPS secure acceleration is a value-added service. After you enable HTTPS, you are charged based on the number of HTTPS requests. You cannot use CDN data transfer plans to offset the fees. For more information about the pricing of HTTPS secure acceleration, see Billing of HTTPS requests for static content.
Step 2: Check whether HTTPS takes effect

Step 3: Disable HTTPS secure acceleration
If you no longer want to use HTTPS secure acceleration, you can disable it in the Alibaba Cloud CDN console. HTTPS secure acceleration is disabled immediately after you turn off the switch.
Related API operations
API operation | Description |
---|---|
CreateCdnCertificateSigningRequest | Creates a certificate signing request (CSR). |
DescribeDomainCertificateInfo | Queries the certificate information about an accelerated domain name. |
SetDomainServerCertificate | Enables or disables the certificate of a domain name, and modifies the certificate information. |
SetCdnDomainCSRCertificate | Configures an SSL certificate for a specified domain name. |
DescribeCdnDomainByCertificate | Queries accelerated domain names by SSL certificate. |
DescribeCdnCertificateDetail | Queries the detailed information about an SSL certificate. |
DescribeCdnCertificateList | Queries SSL certificates configured for accelerated domain names. |
DescribeCertificateInfoByID | Queries the information about a specified SSL certificate. |
BatchSetCdnDomainServerCertificate | Enables or disables the certificates of domain names, and modifies the certificate information. |
DescribeCdnHttpsDomainList | Queries the information about the SSL certificates within your Alibaba Cloud account. |
DescribeUserCertificateExpireCount | Queries the number of domain names whose SSL certificates are about to expire or have already expired. |
SetCdnDomainSMCertificate | Enables or disables a ShangMi (SM) certificate for a domain name. |
DescribeCdnSMCertificateLis | Queries the SM certificates of an accelerated domain name. |
DescribeCdnSMCertificateDetail | Queries the details about an SM certificate. |