All Products
Search
Document Center

Anti-DDoS:Upload an SSL certificate

Last Updated:Mar 26, 2024

If your website uses HTTPS, you must upload an SSL certificate. This way, Anti-DDoS Proxy can scrub HTTPS traffic. This topic describes how to upload an SSL certificate.

Usage notes

  • If the SSL certificate of your website is changed, update the certificate in the Anti-DDoS Proxy console. Otherwise, HTTPS traffic cannot be processed as normal.

  • Anti-DDoS Proxy (Chinese Mainland) supports certificates that use internationally accepted algorithms and ShangMi (SM) certificates. Anti-DDoS Proxy (Outside Chinese Mainland) supports only certificates that use internationally accepted algorithms.

  • If your website supports both certificates that use internationally accepted algorithms and SM certificates, you must upload certificates of the two types.

Prerequisites

  • A website that supports HTTPS is added to Anti-DDoS Proxy. For more information, see Add websites.

  • The certificate is uploaded to the Certificate Management Service console. For more information, see Upload an SSL certificate.

Upload a certificate that uses internationally accepted algorithms

  1. Log on to the Anti-DDoS Proxy console.

  2. In the top navigation bar, select the region of your instance.

    • Anti-DDoS Proxy (Chinese Mainland): If your instance is an Anti-DDoS Proxy (Chinese Mainland) instance, select Chinese Mainland.

    • Anti-DDoS Proxy (Outside Chinese Mainland): If your instance is an Anti-DDoS Proxy (Outside Chinese Mainland), select Outside Chinese Mainland.

  3. In the left-side navigation pane, choose Provisioning > Website Config.

  4. On the Website Config page, find the domain name that you want to manage and click the 编辑图标 icon to the right of SSL Certificate in the Certificate Status column.

  5. In the Upload Certificate and Private Key dialog box, select an existing certificate.

    • Select Existing Certificate: If you have uploaded a certificate to Certificate Management Service, you can select the certificate.

    • Upload: If you have not uploaded a certificate to Certificate Management Service, you can manually upload a certificate. Specify Certificate Name, copy and paste the content of the certificate file to the Certificate File field, and then copy and paste the content of the private key file to the Private Key field.

      Note
      • If the certificate file is in the PEM, CER, or CRT format, you can use a text editor to open the certificate file and copy the file content. If the certificate file is in other formats, such as PFX and P7B, you must convert the file into the PEM format and then use a text editor to open the file and copy the file content. For information about how to convert the format of a certificate file, see Use the certificate toolkit or How do I convert an HTTPS certificate to the PEM format?

      • If the certificate file includes multiple certificates, such as a certificate chain, you must concatenate the content of these certificates and copy the concatenated content to the Certificate File field.

      Sample certificate

      Sample content in a certificate file

      -----BEGIN CERTIFICATE----- 
      xxxxxxxxxxxxvs6MTXcJSfN9Z7rZ9fmxWr2BFN2XbahgnsSXM48ixZJ4krc+1M+j2kcubVpsE2cgHdj4v8H6jUz9Ji4mr7vMNS6dXv8PUkl/qoDeNGCNdyTS5NIL5ir+g92cL8IGOkjgvhlqt9vc65Cgb4mL+n5+DV9uOyTZTW/MojmlgfUekC2xiXa54nxJf17Y1TADGSbyJbsC0Q9nIrHsPl8YKkvRWvIAqYxXZ7wRwWWmv4TMxFhWRiNY7yZIo2ZUhl02SIDNggIEeg==
      -----END CERTIFICATE-----

      Sample content in a private key file

      -----BEGIN RSA PRIVATE KEY-----
      xxxxxxxxxxxxtZ3UKHJTRgNQmioPQn2bqdKHop+B/dn/4VZL7Jt8zSDGM9sTMThLyvsmLQKBgQCr+ujntC1kN6pGBj2Fw2l/EA/W3rYEce2tyhjgmG7rZ+A/jVE9fld5sQra6ZdwBcQJaiygoIYoaMF2EjRwc0qwHaluq0C15f6ujSoHh2e+D5zdmkTg/3NKNjqNv6xA2gYpinVDzFdZ9Zujxvuh9o4Vqf0YF8bv5UK5G04RtKadOw==
      -----END RSA PRIVATE KEY-----

Upload an SM certificate

Important
  • After you upload the SM certificate, if you want Anti-DDoS Proxy (Chinese Mainland) to protect requests from clients on which an SM certificate is installed, you must turn on Enable SM Certificate-based Verification in the TLS Security Settings dialog box. For more information, see Configure a custom TLS security policy.

  • If clients do not support server name indication (SNI), Anti-DDoS Proxy (Chinese Mainland) returns the default SM certificate, and the message "The server certificate cannot be trusted" is displayed.

  1. Log on to the Anti-DDoS Proxy console.

  2. In the top navigation bar, select Chinese Mainland.

  3. In the left-side navigation pane, choose Provisioning > Website Config.

  4. On the Website Config page, find the domain name that you want to manage and click the 编辑图标 icon to the right of SM Certificate in the Certificate Status column.

  5. In the Upload Certificate and Private Key dialog box, upload an SM certificate.

    You must upload an SM certificate to Certificate Management Service before you can select the certificate.

FAQ