Alibaba Cloud CDN supports HTTPS secure acceleration to encrypt requests between clients and points of presence (POPs). If your SSL certificate is purchased from Certificate Management Service, you can deploy the certificate for multiple domain names in Alibaba Cloud CDN to enable HTTPS secure acceleration.
Limits
You can deploy a certificate purchased from Alibaba Cloud Certificate Management Service for multiple domain names in the Alibaba Cloud CDN console.
You can configure a certificate that is issued by a third-party certificate authority (CA) for only one domain name at a time. For more information, see Configure an SSL certificate.
Configure or renew an SSL certificate
HTTPS secure acceleration is a value-added service. After you enable HTTPS, you are charged based on the number of HTTPS requests. You cannot use data transfer plans to offset the fees. For more information about the pricing of HTTPS secure acceleration, see Billing of HTTPS requests for static content.
Log on to the Alibaba Cloud CDN console.
In the left-side navigation pane, click HTTPS Center.
On the Certificate Center page, click Add Certificate.
Select a certificate.
On the Add Certificate page, configure the parameters. The following table describes the parameters.
Parameter
Description
Certificate Source
Only SSL Certificates Service is supported. You can select only certificates purchased from Certificate Management Service.
Certificate Name
Select a purchased certificate.
Certificate (Public Key)
The PEM-encoded public key. For certificates purchased from Certificate Management Service, the PEM-encoded public key is automatically obtained by the system.
Private Key
The PEM-encoded private key. For certificates purchased from Certificate Management Service, the PEM-encoded private key is automatically obtained by the system.
Click Next.
Associate one or more domain names with the certificate.
ImportantIf a selected domain name is already associated with a certificate, the existing certificate will be replaced by the selected certificate in this step.
If you set Certificate Source to SSL Certificates Service, you can renew or deploy the specified certificate for multiple domain names at a time.
Click OK to deploy or update the certificate.
Optional. Configure POPs to redirect requests to origin servers over HTTPS if you want to enable end-to-end HTTPS encryption. Make sure that the origin servers support HTTPS. For more information, see Configure the origin protocol policy.
Check whether HTTPS takes effect
After you upload an SSL certificate, the certificate takes effect within 1 minute. To check whether the SSL certificate takes effect, you can send HTTPS requests to access resources. If the URL is displayed with a lock icon in the address bar of the browser, HTTPS secure acceleration is working as expected.
View the configured SSL certificate
Log on to the Alibaba Cloud CDN console. In the left-side navigation pane, choose HTTPS Center. On the Certificate Center page, click the certificate that you configured for the domain name.
You can view the information about the SSL certificate configured for the domain name. However, you cannot view the private key. Keep the certificate information confidential.
FAQ
Related API operations
| API operation | Description |
| CreateCdnCertificateSigningRequest | Creates a certificate signing request (CSR). |
| DescribeDomainCertificateInfo | Queries the certificate information about an accelerated domain name. |
| SetDomainServerCertificate | Enables or disables the certificate of a domain name, and modifies the certificate information. |
| SetCdnDomainCSRCertificate | Configures an SSL certificate for a specified domain name. |
| DescribeCdnDomainByCertificate | Queries accelerated domain names by SSL certificate. |
| DescribeCdnCertificateDetail | Queries the detailed information about an SSL certificate. |
| DescribeCdnCertificateList | Queries information about certificates. |
| DescribeCertificateInfoByID | Queries the information about a specified SSL certificate. |
| BatchSetCdnDomainServerCertificate | Enables or disables the certificates of domain names, and modifies the certificate information. |
| DescribeCdnHttpsDomainList | Queries the information about the SSL certificates within your Alibaba Cloud account. |
| DescribeUserCertificateExpireCount | Queries the number of domain names whose SSL certificates are about to expire or have already expired. |
| SetCdnDomainSMCertificate | Enables or disables a ShangMi (SM) certificate for a domain name. |
| DescribeCdnSMCertificateList | Queries the SM certificates of an accelerated domain name. |
| DescribeCdnSMCertificateDetail | Queries the details about an SM certificate. |