Add an additional certificate

This topic describes how to add an additional certificate to a listener of a Classic Load Balancer (CLB) instance.

1. Log on to the CLB console.
2. On the Instances page, click the ID of the CLB instance that you want to manage.
3. On the Listener tab, find the HTTPS listener that you created and choose > Manage Additional Certificate in the Actions column.
4. In the Manage Additional Certificate panel, click Add Additional Certificate.
   1. Enter a domain name. The domain name can contain only letters, digits, hyphens (-), and periods (.). It must start with a letter or digit.
      Domain name-based forwarding rules support exact matching and wildcard matching.

      • You can specify a specific domain name such as www.aliyun.com in a forwarding rule.
      • You can also specify a wildcard domain name such as *.aliyun.com or *.market.aliyun.com in a forwarding rule.

        If a request matches multiple domain-based forwarding rules, exact matching prevails over wildcard matching. If multiple wildcard domain name are matched, the higher-level wildcard domain name prevails over the lower-level wildcard domain name. The following table describes the priorities of domain name-based forwarding rules.

        Type	Request URL	Domain name-based forwarding rule
        		www.aliyundoc.com	*.aliyundoc.com	*.market.aliyundoc.com
        Exact matching	www.aliyun.com	√	×	×
        Wildcard matching	market.aliyun.com	×	√	×
        Wildcard matching	info.market.aliyun.com	×	×	√

   2. Select the certificate that is associated with the domain name.
      Note

      • The domain name of the certificate must be the same as that of the additional certificate.
      • If multiple wildcard certificates are added, only the first wildcard certificate can be matched.
   3. Click OK.
      After you add an additional certificate, you must create a forwarding rule based on the domain name associated with the additional certificate. Otherwise, the additional certificate is invalid.
5. Optional:To create a forwarding rule, perform the following operations:
   1. On the Note page, click Configure Rule. You can also click the ID of the CLB instance on the Instances page and click the Listeners tab.
   2. Find the HTTPS listener that you want to manage and click Set Forwarding Rule in the Actions column.
   3. In the Add Forwarding Rules panel, click Add Forwarding Rules.
   4. Set the parameters of the forwarding rule.
      For more information, see Forward requests based on domain names or URLs.

      Note The domain name that you specify in the forwarding rule must be the same as the domain name associated with the additional certificate.