All Products
Search
Document Center

Container Compute Service:Customize the SANs of the API server certificate when you create an ACS cluster

Last Updated:Dec 05, 2024

The API server certificate of a Alibaba Cloud Container Compute Service (ACS) cluster contains the Subject Alternative Name (SAN) field. By default, this field contains the domain name of the cluster, private IP address of the Server Load Balancer (SLB) instance associated with the API server of the cluster, and the private IP address and elastic IP address (EIP) of the API server. If you require proxy-based access or cross-domain access, you can customize the SANs for an existing cluster in the ACS console.

Prerequisites

An ACS cluster is created. For more information, see Create an ACS cluster.

Important

You cannot customize the SANs for an ACS cluster when you create the cluster. You can only update the SANs for an existing ACS cluster.

SAN overview

SAN is an extension to X.509. SAN allows you to associate various values with an SSL certificate by adding the values to the subjectAltName field. The values can be IP addresses, domain names, URIs, or email addresses.

Customize the SANs of the API server certificate of a cluster

Important

After you update or modify the custom SANs of the API server certificate for an existing cluster, the API server will restart. Perform this operation during off-peak hours.

  1. Log on to the ACS console. In the left-side navigation pane, click Clusters.

  2. On the Clusters page, click the ID of the cluster that you want to manage or click Details in the Actions column of the cluster.

  3. On the cluster details page, click the Basic Information tab and click Update on the right side of Custom Certificate SANs.

  4. In the Update Custom SAN dialog box, configure the Custom Certificate SANs parameter and click OK.