Overview
This article mainly describes how to configure intermediate certificates for Alibaba Cloud Content Delivery Network accelerated domain names.
Background information
You must purchase an advanced HTTPS certificate or apply for a free HTTPS certificate in the Alibaba Cloud Security console. For more information about the authentication methods and configuration methods of HTTPS certificates, see Configure HTTPS certificates.
Background information
The SSL Certificates Service issued by the intermediate CA agency includes a domain name certificate and an intermediate CA certificate. The intermediate CA certificate is a certificate used to verify the legitimacy of the intermediate CA organization. If the intermediate CA certificate is not correctly configured, an error message may appear when some browsers access HTTPS services, "The security certificate issued by the website is not issued by a trusted certificate authority".
Note: Currently, the Alibaba Cloud Content Delivery Network only supports certificates in
PEM
format. If your certificate is not in PEM format, please perform format conversion. Please refer to Certificate Format Conversion for operation methods.
CA certificate configuration method
When an intermediate CA agency issues a certificate, it typically provides a certificate file that is adapted to different Web service programs.
In different Web service programs, the configuration method of intermediate CA certificate is different. Please refer to the following steps to configure CA certificate.
- The Tengine service used by Alibaba Cloud Content Delivery Network is developed based on Nginx, so the Nginx version of the certificate file should be selected when configuring the certificate of Alibaba Cloud Content Delivery Network accelerated domain name.
- If your certificate file does not have the version of Nginx, it is a separate domain name certificate file and an intermediate CA certificate file (usually an intermediate.crt file). You can manually edit the text and splice the contents of the domain name certificate file and the intermediate CA certificate file together. The splicing rule is: the domain name certificate is placed in the front, the middle certificate is in the back, and there is no need to have empty lines in the middle.
- Fill in the spliced content in the certificate content input box on the Alibaba Cloud Content Delivery Network certificate configuration page.
Application scope
- CDN