HTTPS encrypts data by using the TLS/SSL protocol based on HTTP. This prevents data from being monitored, intercepted, or tampered with by third parties. You can configure an SSL certificate in the DCDN console to encrypt requests between the clients and DCDN to ensure data security.
Benefits
HTTPS secure acceleration protects communications from eavesdropping, tampering, impersonation attacks, and man-in-the-middle (MITM) attacks. HTTPS encrypts critical information in transit such as session IDs and cookies. This minimizes the risk of sensitive information leaks.
HTTPS is the new standard. If you use HTTP, your website may be exposed to security risks and users who visit your website are prompted that the website is not secure. This compromises user experience.
Mainstream search engines assign a higher weight to HTTPS-capable websites. After you enable HTTPS for your website, the website can achieve a higher ranking in search engine results.
SSL/TLS certificates
SSL is located between the TCP/IP protocol and various application layer protocols. Clients, such as browsers, can use SSL to verify the authenticity and integrity of connections between servers and clients, and encrypt data for transmission.
Internet Engineering Task Force (IETF) standardized SSL and changed the name to Transport Layer Security (TLS). Therefore, the protocol is referred to as SSL/TLS.
SSL certificates use the SSL protocol for communications. SSL certificates are credentials that are issued by certificate authorities (CAs) to websites to authenticate the identities of websites and encrypt data for transmission.
Billing
HTTPS secure acceleration is a value-added feature. After you enable HTTPS, you are charged based on the number of HTTPS requests. For more information, see Billing of HTTPS and HTTP requests.
HTTPS requests are separately billed, and the fees cannot be offset by data transfer plans of Dynamic Content Delivery Network (DCDN). Make sure that you have a sufficient balance in your Alibaba Cloud account. Otherwise, overdue payments may occur and cause service suspension.
End-to-end data transfer over HTTPS
The following figure shows how HTTPS encryption works when a client initiates a request to a server.
Configure an SSL certificate for your domain name in the DCDN console to allow HTTPS connections between clients and points of presence (POPs).
NoteHTTPS secure acceleration is a value-added feature that is billed based on the number of HTTPS requests. For more information, see Billing of HTTPS and HTTP requests.
Configure an SSL certificate on the origin server and configure origin fetch over HTTPS. For more information, see Configure the static origin protocol policy.
NoteIf you want to implement end-to-end data transfer over HTTPS, make sure that the origin server supports HTTPS before you configure origin fetch over HTTPS. For more information, see Configure the static origin protocol policy.
Configure HTTPS secure acceleration between clients and POPs
Step 1: Prepare a certificate for the accelerated domain name
Only certificates in the PEM format are supported. You can convert certificates in other formats to the PEM format. For more information, see Convert certificate formats.
You can apply for a free certificate or purchase an advanced certificate in the Certificate Management Service console.
You can also apply for a certificate from a third-party CA. The issued certificate must meet the certificate format requirements. For more information, see Certificate formats.
Step 2: Enable HTTPS secure acceleration
Required. After you prepare an SSL certificate, configure the certificate for the accelerated domain name before you enable HTTPS secure acceleration. For more information, see Configure an SSL certificate.
Optional. Configure more features based on your business requirements.
Category
Feature
Description
Configure client access protocols
You can use 301 redirection to redirect HTTP requests from clients to POPs to HTTPS or redirect HTTPS to HTTP.
You can configure HSTS to force clients, such as browsers, to connect to POPs over HTTPS. This reduces the risk of cookie hijacking.
Specify the protocol version
HTTP/2, originally named HTTP/2.0, is the first new version of HTTP since HTTP/1.1. HTTP/2 is a binary protocol that supports multiplexing and header compression. This protocol improves web performance and reduces network latency.
After you configure a TLS version, only clients that use the specific version of TLS can send requests to and receive requests from POPs. This meets the security requirements of communication links.
Accelerate the validation of the SSL certificate
POPs cache certificate verification results and then send the results to clients without the need for the clients to verify certificates with the CAs. This reduces the verification time.