All Products
Search

This Product

    Object Storage Service:Host SSL certificates

    Document Center

    Object Storage Service:Host SSL certificates

    Last Updated:Mar 04, 2025

    To use a custom domain name to access Object Storage Service (OSS) resources over HTTPS, you must first purchase an SSL certificate and host the SSL certificate in OSS. You can purchase an SSL certificate from a certificate authority (CA) or purchase Alibaba Cloud SSL Certificates Service. The SSL certificate must match the custom domain name. If you are using a subdomain, the certificate must include that specific subdomain.

    SSL certificate hosting methods

    Host a certificate for an accelerated domain name

    If you map an accelerated domain name to your bucket, perform the following steps in the Alibaba Cloud CDN console to host your certificate. For more information about how to map an accelerated domain name to a bucket, see Map accelerated domain names.

    1. Log on to the Alibaba Cloud CDN console.

    2. In the left-side navigation pane, choose Content Delivery > Domain Names. On the Domain Names page, locate the domain name in the domain name list and click Manage in the Actions column.

    3. In the left-side navigation tree, click HTTPS and click Modify next to HTTPS Certificate.

    4. In the Modify HTTPS Settings dialog box, turn on HTTPS Secure Acceleration and configure the HTTPS certificate parameters described in the following table.

      Parameter

      Description

      Certificate Source

      Certificate Source supports the following options. You can switch between the options.

      • SSL Certificates Service: Select the certificate that you purchase from SSL Certificates Service from the Certificate Name drop-down list.

        You can apply for SSL certificates from various CAs and of different types in the Certificate Management Service console.

      • Custom Certificate (Certificate+Private Key): If no matching certificate is available in the drop-down list, you can upload a custom certificate. Then, set Certificate Name and enter the certificate content in the Certificate (Public Key) field and the private key in the Private Key field. The uploaded certificate is saved to SSL Certificates Service. If you receive a message that indicates the certificate already exists, change the certificate name and upload the certificate again. After you upload a certificate, you can view the certificate in the Certificate Management Service console.

        Note

        The uploaded SSL certificate must match the private key. Otherwise, requests that are sent from clients fail the authentication.

      Certificate Name

      The name of the certificate.

      Certificate (Public Key)

      You need to configure this parameter only when you select Custom Certificate (Certificate+Private Key) for Certificate Source. For more information, click PEM Encoding Reference below the Certificate (Public Key) field.

      Private Key

      You need to configure this parameter only if you select Custom Certificate (Certificate+Private Key) for Certificate Source. For more information, click PEM Encoding Reference below the Private Key field.

    5. Click OK.

      After you configure an SSL certificate, the certificate takes effect in approximately 1 minute. You can check whether your HTTPS access settings take effect by using HTTPS to access resources in the bucket. If the https icon appears before the URL, your HTTPS access settings are effective. To maintain secure access over HTTPS, you need to configure a new certificate before the existing certificate expires.http

      HTTPS secure acceleration is a value-added service. After you enable this service, you are charged based on the number of HTTPS requests. For more information about the billing of HTTPS secure acceleration, see Billing of value-added services.

    Host a certificate for a custom domain name

    If you map a custom domain name to your bucket, perform the following steps in the OSS console to host your certificate:

    1. Log on to the OSS console.

    2. In the left-side navigation pane, click Buckets. On the Buckets page, find and click the desired bucket.

    3. In the left-side navigation pane, choose Bucket Settings > Domain Names.

    4. Locate the domain name for which you want to host an SSL certificate and click Upload Certificate.

    5. In the Upload Certificate panel, select a certificate from the drop-down list and click Upload.

      Note

      Only the certificates that match the custom domain name are displayed.

      After you select a certificate, the public key of the certificate is displayed. For security reasons, the private key is not displayed.

      Important

      You cannot upload a custom certificate in the OSS console. If no certificates are available, you need to purchase or upload a certificate first. For more information about how to purchase a certificate, see Purchase an official certificate. For more information, see Upload an SSL certificate.

    FAQ