Alibaba Cloud CDN supports HTTPS secure acceleration, which encrypts requests between clients and points of presence (POPs). If you have multiple accelerated domain names that share the same SSL certificate, you can deploy the certificate to all of them at once through the Alibaba Cloud CDN console, instead of configuring each domain name individually.
Billing
HTTPS secure acceleration is a value-added service. After you enable HTTPS, you are charged based on the number of HTTPS requests. Data transfer plans cannot offset these fees. For pricing details, see Billing of HTTPS requests for static content.
Prerequisites
Before you begin, make sure that you have:
An SSL certificate purchased from Certificate Management Service
One or more domain names added to Alibaba Cloud CDN
Only certificates purchased from Alibaba Cloud Certificate Management Service can be deployed to multiple domain names through the CDN console. Certificates issued by a third-party certificate authority (CA) can only be configured for one domain name at a time. For more information, see Configure an SSL certificate.
Deploy or renew an SSL certificate
Log on to the Alibaba Cloud CDN console.
In the left-side navigation pane, click HTTPS Center.
On the Certificate Center page, click Add Certificate.
On the Add Certificate page, configure the following parameters.
Parameter Description Certificate Source Only SSL Certificates Service is supported. Select a certificate purchased from Certificate Management Service. Certificate Name Select the certificate to deploy. Certificate (Public Key) The PEM-encoded public key. For certificates purchased from Certificate Management Service, the system retrieves this automatically. Private Key The PEM-encoded private key. For certificates purchased from Certificate Management Service, the system retrieves this automatically. Click Next.
Select the domain names to associate with the certificate.
ImportantIf a selected domain name already has a certificate, the existing certificate is replaced by the one selected in this step. When Certificate Source is set to SSL Certificates Service, you can deploy or renew the certificate for multiple domain names at a time.
Click OK to deploy or update the certificate.
(Optional) To enable end-to-end HTTPS encryption, configure POPs to redirect requests to origin servers over HTTPS. The origin servers must support HTTPS. For details, see Configure the origin protocol policy.
Verify the certificate deployment
After you deploy an SSL certificate, it takes effect within 1 minute. To verify that HTTPS is active, access a resource on the accelerated domain name over HTTPS. A lock icon in the browser address bar confirms that HTTPS secure acceleration is working.
View certificate details
Log on to the Alibaba Cloud CDN console.
In the left-side navigation pane, click HTTPS Center.
On the Certificate Center page, click the certificate you want to view.
You can view the SSL certificate information configured for the domain name. The private key is not visible. Keep your certificate information confidential.
FAQ
API reference
| API | Description |
|---|---|
| CreateCdnCertificateSigningRequest | Creates a certificate signing request (CSR). |
| DescribeDomainCertificateInfo | Queries certificate information for an accelerated domain name. |
| SetCdnDomainSSLCertificate | Enables, disables, or modifies the certificate for a domain name. |
| SetCdnDomainCSRCertificate | Configures an SSL certificate for a specified domain name. |
| DescribeCdnDomainByCertificate | Queries accelerated domain names by SSL certificate. |
| DescribeCdnCertificateDetail | Queries detailed information about an SSL certificate. |
| DescribeCdnCertificateList | Queries certificates. |
| DescribeCertificateInfoByID | Queries information about a specified SSL certificate. |
| DescribeCdnHttpsDomainList | Queries SSL certificate information within your Alibaba Cloud account. |
| DescribeUserCertificateExpireCount | Queries the number of domain names with expiring or expired SSL certificates. |
| SetCdnDomainSMCertificate | Enables or disables a ShangMi (SM) certificate for a domain name. |
| DescribeCdnSMCertificateList | Queries SM certificates for an accelerated domain name. |
| DescribeCdnSMCertificateDetail | Queries details about an SM certificate. |