All Products
Search
Document Center

Alibaba Cloud SDK:Configure HTTPS and TLS settings in the SDK

Last Updated:Jun 16, 2026

Configure HTTPS, TLS certificate validation, and custom CA certificates for the Alibaba Cloud SDK V1.0 for PHP to secure your API calls and manage connections in specific network environments.

Understand the V1.0 SDK defaults

The legacy V1.0 SDK has different default behaviors than V2.0 SDKs:

  • Default protocol is HTTP: Unlike V2.0 SDKs, the V1.0 SDK defaults to HTTP. You must explicitly enable HTTPS for each request.

  • Certificate validation is on by default: When you enable HTTPS, the SDK automatically validates the server's TLS certificate.

Set the request protocol

The SDK defaults to HTTP, so you must enable HTTPS on each request to encrypt data in transit.

Generic RPC request (Recommended)

$result = AlibabaCloud::rpc()
    ->product('Ecs')
    ->version('2014-05-26')
    ->action('DescribeRegions')
    ->regionId('cn-hangzhou')
    ->scheme('https')
    ->verify(true)
    ->request();

Specialized request

This style uses product-specific generated classes.

use AlibabaCloud\Ecs\Ecs;

$request = Ecs::v20140526()->describeRegions();
$result = $request
    ->scheme('https')
    ->verify(true)
    ->version('2014-05-26')
    ->product('Ecs')
    ->action('DescribeRegions')
    ->regionId('cn-hangzhou')
    ->request();

Generic ROA request

$result = AlibabaCloud::roa()
    ->product('CS')
    ->version('2015-12-15')
    ->action('DescribeClustersV1')
    ->pathPattern('/api/v1/clusters')
    ->regionId('cn-hangzhou')
    ->options([
        'query' => [
        ],
    ])
    ->scheme('https')
    ->verify(true)
    ->request();

Use the system's CA bundle (Recommended)

Set the request scheme to https and set verify to true. This is the recommended secure configuration.

$result = AlibabaCloud::rpc()
    ->scheme('https')    // Enable HTTPS
    ->verify(true)     // Enable certificate verification using the system's CA bundle
    // ... other request parameters
    ->request();

Use a custom CA certificate

If your network uses a proxy with its own certificate, provide a custom Certificate Authority (CA) bundle. You can configure this at the request level or the client level.

Request-level configuration

Apply the setting to a single request. This is useful for endpoints that require a different CA.

<?php

use AlibabaCloud\Client\AlibabaCloud;

$request = AlibabaCloud::rpc()
                       ->product('Sts')
                       ->version('2015-04-01')
                       ->action('GenerateSessionAccessKey')
                       ->host('sts.ap-northeast-1.aliyuncs.com');


// Use a custom CA certificate file 
$request->verify(['verify' => '/path/to/cert.pem']);
// Use a custom CA certificate file that is password-protected 
$request->verify(['verify' => ['/path/to/cert.pem','password']]);

Client-level configuration

Apply the setting to the default client so that all subsequent requests use the custom CA bundle.

<?php

use AlibabaCloud\Client\AlibabaCloud;


// Use a custom CA certificate file 
AlibabaCloud::getDefaultClient()
            ->verify(['verify' => '/path/to/cert.pem'])
            ->asDefaultClient();

// Use a custom CA certificate file that is password-protected 
AlibabaCloud::getDefaultClient()
            ->verify(['/path/to/cert.pem','password'])
            ->asDefaultClient();

Disable TLS certificate validation

Important

Disabling certificate validation is a security risk. Only use this option for testing in trusted environments. Never disable certificate validation in production code.

To skip certificate validation, set the verify parameter to False.

$result = AlibabaCloud::rpc()
    ->scheme('https')
    // This option skips certificate validation for a single API call.
    ->verify(false) 
    // ... other request parameters
    ->request();

References

Guzzle Request Options: verify: The underlying HTTP client documentation for certificate verification.