Alibaba Cloud CDN:Configure an SSL certificate for multiple domain names

Prerequisites

• An SSL certificate is prepared. If you want to purchase an SSL certificate, you can log on to the Certificate Management Service console to apply for a free certificate or purchase a certificate from a certificate authority (CA).
• If you want to use a custom certificate, it must be in a valid format. For more information, see Certificate formats.

Background information

SSL certificates are classified into different types based on vetting and verification requirements. Different types provide different levels of security and are suitable for different websites. For more information, see What is Certificate Management Service?.

Configure or renew an SSL certificate

HTTPS secure acceleration is a value-added service. After you enable HTTPS, you are charged based on the number of HTTPS requests. You cannot use data transfer plans to offset the fees. For more information about the pricing of HTTPS secure acceleration, see Billing of HTTPS requests for static content.

1. Log on to the Alibaba Cloud CDN console.
2. In the left-side navigation pane, choose HTTPS Center.
3. On the Certificate Center page, click Add Certificate.
4. On the Add Certificate page, set the following parameters.
   

   Parameter	Description
   Certificate Source	Certificate Source supports the following options. You can switch between the options. SSL Certificates Service You can apply for certificates of various CAs and types in the Certificate Management Service console. Custom Certificate (Certificate+Private Key) If you cannot find a certificate that meets your requirements from the certificate list, upload a custom certificate. You must enter the certificate name, the public key, and the private key of the certificate. The certificate is saved to Certificate Management Service. You can check the certificate on the SSL Certificates page. Note If the system prompts that the certificate already exists when you upload a custom certificate with a private key, change the certificate name and try again. If you do not want to expose your private key to environments other than Alibaba Cloud CDN, you can use the Certificate Signing Request (CSR) tool provided by Certificate Management Service to generate a CSR and a private key based on algorithms such as Rivest–Shamir–Adleman (RSA), Elliptic-curve cryptography (ECC), and ShangMi2 (SM2). You can also upload an existing CSR.
   Certificate Name	You must specify a certificate name if Certificate Source is set to one of the following values: SSL Certificates Service Custom Certificate (Certificate+Private Key)
   Certificate (Public Key)	You must set Certificate (Public Key) if you set Certificate Source to Custom Certificate (Certificate+Private Key). For more information, see the PEM Encoding Reference below the Certificate (Public Key) field.
   Private Key	You must set Private Key if you set Certificate Source to Custom Certificate (Certificate+Private Key). For more information, see the PEM Encoding Reference below the Private Key field.

5. Click Next.
6. Associate one or more domain names with the certificate.
   Note

   • If a selected domain name is already associated with a certificate, the existing certificate will be replaced by the selected certificate in this step.
   • If you set Certificate Source to SSL Certificates Service or Custom Certificate (Certificate+Private Key), you can renew or deploy the specified certificate for multiple domain names at a time.

   
7. Click OK to deploy or update the certificate.

Check whether HTTPS takes effect

After an SSL certificate is uploaded, it takes effect within one minute. To verify that the SSL certificate takes effect, send HTTPS requests to access resources. If the URL is displayed with a lock icon in the address bar of the browser, HTTPS secure acceleration is working as expected.

Related API operations