All Products
Search

This Product

    Dynamic Content Delivery Network:Enable ShangMi for HTTPS

    Document Center

    Dynamic Content Delivery Network:Enable ShangMi for HTTPS

    Last Updated:Aug 14, 2023

    Alibaba Cloud provides the ShangMi (SM) for HTTPS feature to meet your security requirements. This topic describes how to enable ShangMi for HTTPS.

    Prerequisites

    • An SM certificate is purchased and deployed in the SSL Certificates Service console. For more information, see Step 6.

      Note

      You must purchase an SM certificate in the SSL Certificates Service console. You cannot upload a custom SM certificate.

    • An SSL certificate is configured for your domain name. For more information, see Configure an SSL certificate.

    Background information

    • ShangMi for HTTPS supports the SM2 algorithm and security protocols of the Chinese cryptographic standards. The SM2 algorithm is a public key cryptographic algorithm based on elliptic curves. You can use the Chinese cryptographic algorithm to establish an encrypted connection based on SSL and verify server identities. The browser that you use must support the Chinese cryptographic algorithm.

    • Alibaba Cloud Dynamic Route for CDN (DCDN) provides more secure transmission over HTTPS based on the SM2 and SM3 algorithms. The SM2 algorithm is a public key cryptographic algorithm based on elliptic curves. The SM3 algorithm is a cryptographic hash algorithm.

    • Cipher suites that are supported include ECC-SM2-WITH-SM4-SM3, ECDHE-SM2-WITH-SM4-SM3 and RSA-SM4-CBC-SM3. The cipher suites are used to verify whether the Chinese cryptographic algorithm is enabled.

    • You can use the Chinese cryptographic algorithm for HTTPS only in Linux. If you use AliOS, you must deploy BabaSSL.

    Procedure

    1. Log on to the DCDN console.

    2. In the left-side navigation pane, choose Content Delivery > Domain Names.

    3. On the Domain Names page, find the domain name that you want to manage and click Configure in the Actions column.

    4. Find the domain name for which you want to enable ShangMi for HTTPS, click HTTPS Settings in the Actions column, and then click HTTPS Settings in the left-side navigation pane.

    5. In the ShangMi for HTTPS section, turn on ShangMi for HTTPS.

    6. Optional: If the message No SSL certificate is available appears, click Buy and Configure Certificate.

      1. Log on to the SSL Certificates Service console to purchase a certificate.

      2. Upload the certificate. For more information, see Upload an SSL certificate.

    7. If a certificate is available, select the certificate and click OK to enable ShangMi for HTTPS.

    8. Optional: If you want to disable the ShangMi for HTTPS feature, turn off ShangMi for HTTPS in the ShangMi for HTTPS section.

    Related API operations

    Operation

    Description

    SetDcdnDomainSMCertificate

    Enables or disables an SM certificate for a domain name.

    DescribeDcdnSMCertificateDetail

    Queries the details about an SM certificate.

    DescribeDcdnSMCertificateList

    Queries the SM certificates of an accelerated domain name.