To use a custom domain name to access Object Storage Service (OSS) resources over
HTTPS, you must first purchase an SSL certificate. You can purchase an SSL certificate
from a certificate authority (CA) or purchase Alibaba Cloud SSL Certificates Service
and host your certificate in OSS.
Host your certificate by using one of the following methods based on your actual scenario:
Host a certificate for an accelerated domain name
If you map an accelerated domain name to your bucket, perform the following steps
to host your certificate in the CDN console. For more information about how to map
an accelerated domain name to a bucket, see Map accelerated domain names.
- Log on to the Alibaba Cloud CDN console.
- Click Domain Names. On the page that appears, click Manage in the Actions column that corresponds to the domain name for which you want to upload
an SSL certificate.
- In the left-side navigation pane, click HTTPS. In the HTTP Certificate section, click Modify.
- In the Modify HTTPS Settings dialog box, turn on HTTPS Secure Acceleration and then set the HTTPS certificate parameters described in the following table.
| Parameter |
Description |
| Certificate Source |
An SSL certificate can be obtained from the following sources:
- SSL Certificates Service: Select the certificate that you purchase from SSL Certificates Service from the
drop-down list.
- Custom Certificate (Certificate+Private Key): If the required certificate cannot be found in the drop-down list, you can upload
a custom certificate. Then, set Certificate Name and enter the certificate content
in the Certificate (Public Key) section and the private key in the Private Key section.
The uploaded certificate is saved to SSL Certificates Service. If a message appears,
which indicates that the certificate already exists, change the certificate name and
try to upload the certificate again. After you upload a certificate, you can view
the certificate in the SSL Certificates Service console.
- Upload Custom Certificate (Certificate): If you do not want to upload your private key, you must create a Certificate Signing
Request (CSR) in the Alibaba Cloud CDN console and apply for a certificate from a
CA. For more information, see Manage CSRs.
- Free Certificate: If you want to use free SSL certificates for HTTPS secure acceleration, select this
option. Free SSL certificates cannot be managed in the SSL Certificates Service console.
The public keys and private keys of free SSL certificates cannot be viewed in the
SSL Certificates Service console. A free certificate takes effect around 10 minutes
after you save the free certificate configuration.
In general, free certificates are issued within one to two business days. The validity
period of free certificates is one year. Within the validity period of a free certificate,
you do not need to apply for a new free certificate each time you enable HTTPS secure
acceleration. You must apply for a new certificate only if the current one expires.
|
| Certificate Name |
You need to configure this parameter only when you select SSL Certificates Service or Custom Certificate (Certificate+Private Key) for Certificate Source.
|
| Certificate (Public Key) |
You need to configure this parameter only when you select Custom Certificate (Certificate+Private Key) or Upload Custom Certificate (Certificate) for Certificate Source. For more information, click PEM Encoding Reference under
the Certificate (Public Key) section.
|
| Private Key |
You need to configure this parameter only when you select Custom Certificate (Certificate+Private Key) for Certificate Source. For more information, click PEM Encoding Reference under
the Private Key field.
|
- Click OK.
After you configure an SSL certificate, the certificate takes effect in about a minute.
You can access one of your OSS buckets over HTTPS to check whether HTTPS secure acceleration
takes effect. If the
icon precedes the HTTPS URL of the bucket in the address bar of your browser, it
indicates that HTTPS secure acceleration takes effect.
HTTPS secure acceleration is a value-added service. After you enable this service,
you are charged based on the number of HTTPS requests. For more information about
the billing of this service, see Billing of value-added services.
Host a certificate for a custom domain name
If you map a custom domain name to your bucket, perform the following steps to host
your certificate in the OSS console.
- Log on to the OSS console.
- In the left-side navigation pane, click Buckets. On the Buckets page, click the name of the desired bucket.
- In the left-side navigation pane, choose .
- Click Upload Certificate in the Actions column that corresponds to the custom domain name for which you want
to host an SSL certificate.
- In the Upload Certificate panel, select SSL Certificates or Upload a Certificate (Public Key + Private Key) for Certificate Source. For more information about the configuration of the two certificate
types, see Modify HTTPS Settings.
If you select SSL Certificates for Certificate Source, you can deploy the SSL certificate
in the SSL console with a link and associate the certificate with your custom domain
names. For more information, see
Deploy a certificate to an Alibaba Cloud service. If you select Upload a Certificate (Public Key + Private Key) for Certificate Source,
you must configure Public Key and Private Key. After you obtain an SSL certificate,
you can obtain the public key and private key information from the following files:
You can select Show PEM Encoding Example to view examples of the public key and the private key. For more information about
the certificate format, see Certificate formats.
- Click Upload.