By default, SSL certificates can be used only for one-way authentication. These certificates are used by a client to verify the identity of a server. Alibaba Cloud Dynamic Route for CDN (DCDN) supports the authentication of client certificates. You can add a custom certificate authority (CA) certificate to verify the identity of the client for the server. This way, the client and the server can verify the identity of each other and communication between the website and the user is secured. This topic describes how to enable and configure the authentication on client certificates feature.
Prerequisites
- The SSL Certificate feature is enabled and configured. For more information, see Configure an SSL certificate.
- A client CA certificate is issued.
Procedure
- Log on to the DCDN console.
- In the left-side navigation pane, click Domain Names.
- On the Domain Names page, find the domain name that you want to manage and click Configure in the Actions column.
- In the left-side navigation pane of the domain name, click HTTPS Settings.
- Turn on Authentication on Client Certificates. In the Configure Authentication on Client Certificates dialog box, enter a custom client CA certificate in the Client CA Certificate field.
Turn on Authentication on Client Certificates.
Enter a custom Client CA Certificate in the Client CA Certificate field.
- Click OK. After you enable Authentication on Client Certificates, DCDN checks whether the certificate of a client is valid when the client sends an HTTPS request. If the certificate of the client is valid, the request is allowed. Otherwise, the request is rejected.