All Products
Search
Document Center

Configure HTTPS Secure CDN

Last Updated: May 19, 2022

HTTPS is used for secure communication over networks. Simply put, HTTPS is a secure version of HTTP, that is, HTTP is encapsulated with SSL or TLS protocol. The secure foundation of HTTPS is SSL or TLS.

HTTPS acceleration benefits

Key information of users is encrypted during transmission to prevent security risks such as sensitive information leakage caused by session ID or cookie content being captured by attackers.

Data integrity is verified during transmission to prevent DNS or content from being hijacked, tampered with, and other man-in-the-middle attacks (MITM) by third parties.

Alibaba Cloud Live provides an HTTPS Secure CDN solution. You only need to enable the Secure CDN mode to upload the certificate or private key of the accelerated domain name. You can view, disable, enable, and edit the certificate.

The certificate is configured correctly and is enabled. Both HTTP access and HTTPS access are supported. The certificate does not match or the certificate is disabled. Only HTTP access is supported.

Usage notes

Configurations

Description

Description

Disable and Enable HTTPS

After Disable, HTTPS requests are not supported and the certificate or private key information is no longer retained. After you Enable the certificate, you must upload the certificate or private key again.

View a certificate

You can view a certificate. However, you cannot view a private key because it is sensitive. Keep your certificate information safe.

Change or edit a certificate

You can change or edit a certificate. It requires 5 minutes for an updated certificate to take effect. Exercise caution when you perform this operation.

Certificate-related

  • For an accelerated domain with the HTTPS Secure CDN feature enabled, you must upload a certificate, which contains the certificate or private key, in the PEM format.

Note

ApsaraVideo Live uses NGINX-based Tengine Web Server. Therefore, ApsaraVideo Live supports only PEM certificates that can be read by NGINX.

  • Only SSL or TLS handshakes with SNI information are supported.

  • The uploaded certificate must match the private key. Otherwise, the certificate and private key fail the verification.

  • It requires 5 minutes for an updated certificate to take effect.

  • A private key cannot carry a password.

Procedure

Step 1: Purchase a certificate

To enable the HTTPS Secure CDN, you must have a certificate that matches the accelerated domain name. On the Alibaba Cloud Security Certificates Service page, click Buy Now to purchase a certificate.

Step 2: Configure a live domain

  1. Open the HTTPS Secure CDN.

    1. Log on to the ApsaraVideo Live console.

    2. Click Domain Names, select the streaming domain name for which you want to configure HTTPS Secure CDN, and click Domain Name Configuration.

    3. Click HTTPS Configuration, and then click Switch under HTTPS Certificate.

      开启https证书配置
  2. Select a certificate.

    Alibaba Cloud Live supports two types of certificate deployment.

    • Self-owned certificate: You must specify the certificate name and upload the certificate content and private key. The certificate is saved in the Alibaba Cloud Security Certificates console. You can view the certificate in the My Certificates section.

    • Alibaba Cloud Certificate: supports certificates purchased in Alibaba Cloud Security Certificates Service. You can directly select the name of the certificate to adapt to the accelerated domain name.

      确认证书类型
      Note

      Only the certificate format of PEM is supported.

  3. Set the redirect type.

    Click Modify Configuration on the right of Redirect Type. 修改跳转类型2

    You can set forced redirection to customize the original request method of the user.

    For example, after HTTP > HTTPS redirect is enabled, the user initiates an HTTP request, the server returns a 302 redirect response, and the original HTTP request is forcibly redirected to an HTTPS request.

    • Default: Compatible with HTTP and HTTPS requests.

    • HTTP > HTTPS redirect: User requests are forcibly redirected to HTTPS requests.

    • HTTPS > HTTP redirect: The user's request is forcibly redirected to an HTTP request.

      修改跳转类型详细

Step 3: Verify that the certificate takes effect

After a certificate is uploaded, it takes effect within 1 minute. To verify that the HTTPS certificate takes effect, send HTTPS requests to access resources. If the URL is displayed with a lock icon in the address bar of the browser, HTTPS secure acceleration is working as expected.

验证证书生效