After you purchase an SSL certificate in the Certificate Management Service console and the certificate is issued, you can download the certificate to your computer and install the certificate based on your business requirements. You can install an Alibaba Cloud SSL certificate on a web server.
|Installation on a web server||Install a certificate on a web server and enable HTTPS listening to implement HTTPS
communication between the server and clients.
Different types of web servers support different formats of certificate files. To facilitate certificate installation, Certificate Management Service provides certificate packages that are suitable for mainstream web servers, such as NGINX, Spring Boot, Apache Tomcat, Apache HTTPD, and Internet Information Services (IIS) servers. You can download and use the packages without the need to convert the formats of certificate files.
Download a certificate to your computer
- Log on to the SSL Certificates Service console.
- On the Manage Certificates tab of the SSL Certificates page, find the certificate that you want to download and click Download in the Actions column. Note The Download button appears in the Actions column only when the certificate is in the Issued, Pending Expiration, or Expired state. If the certificate is in a different state, the Download button does not appear.
- In the Download Certificate panel, download the certificate for your web server. Certificate Management Service automatically converts the certificate files into different formats that are suitable for various types of web servers and compresses the files into packages. Each package meets all the configuration requirements for a specific type of web server. You need only to click Download for your server type. Then, the certificate package is downloaded to your computer.Examples:
After the download, the certificate package is stored in the default download directory of your browser. You can view the downloaded certificate package in the directory and decompress the package to obtain certificate files.
- If you use an Apache Tomcat or Spring Boot server, you must download a certificate
package in the PFX or JKS format.
- Click Download next to Tomcat to download a PFX certificate package.
- Click Download next to JKS to download a JKS certificate package.
- If you use an Apache HTTPD, NGINX, or IIS server, click Download next to Apache, Nginx, or IIS.
- If you use a different server, click Download next to Other.
- If you want to install a root certificate on clients, such as apps or Java clients,
click Download next to Download Root Certificate.
Note If your web services are accessed by using client browsers, you do not need to manually install root certificates because the root certificates are built into the client browsers.
- If you use an Apache Tomcat or Spring Boot server, you must download a certificate package in the PFX or JKS format.
Install the certificate on your web server
After you download the certificate to your computer, you must upload the certificate to your web server and modify the server settings for the certificate to take effect.
|Web server type||Certificate installation method|
|NGINX and Tengine||Install SSL certificates on NGINX servers or Tengine servers|
|Spring Boot||Enable HTTPS on Spring Boot|
|Apache Tomcat 7 and earlier|
|Apache Tomcat 8 and later||Install SSL certificates on Tomcat 8.5 or 9.0 servers that run CentOS|
|Apache HTTPD||Install SSL certificates on Apache servers|
|Apache 2||Deploy SSL certificates on Apache 2 servers that run Ubuntu|
|IIS||Install SSL certificates on IIS servers|
|Jetty||Install SSL certificates on Jetty servers|
|GlassFish||Install SSL certificates on GlassFish servers|