
Edge Security Acceleration: Client certificates

Last Updated: Sep 19, 2024

Configuring SSL/TLS client certificates enables mutual TLS (mTLS), in which clients and points of presence (POPs) in Dynamic Content Delivery Network (DCDN) authenticate each other before they communicate.

Issue client certificates

You can use the certificate authority (CA) of DCDN to create client certificates and deploy the client certificates on your mobile applications. A unique CA is created for each Alibaba Cloud account. All client certificates issued by the CA of DCDN are considered trusted by POPs.

Create a certificate

  1. Log on to the DCDN console.

  2. In the left-side navigation pane, click Websites.

  3. On the Websites page, find the website that you want to manage, and click the website name or View Details in the Actions column.

  4. In the left-side navigation pane, choose SSL/TLS > Client Certificates.

  5. In the Client Certificates section, click Create Certificate.

  6. Set the CSR Generation, Private Key Type, and Certificate Validity fields based on your requirements.

    Note

    The default validity period of a certificate is one year.

  7. Click OK.

    Important

    In the Preview Certificate dialog box, click Copy Certificate and Copy Private Key and paste the content to your client. After you close the dialog box, the certificate and private key are no longer displayed in DCDN.
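
Because the certificate and private key cannot be displayed again, it is worth confirming that the pasted copies are intact before you close the dialog box. The following Python sketch is an added example, not part of the DCDN documentation or tooling: it stores the key with owner-only permissions and checks that the certificate and key parse and match. The file names client.crt and client.key and the function names are assumptions.

```python
import os
import ssl
import sys


def save_credentials(cert_pem, key_pem, directory):
    """Write the copied PEM text to disk; the key file is created owner-only."""
    cert_path = os.path.join(directory, "client.crt")  # assumed file name
    key_path = os.path.join(directory, "client.key")   # assumed file name
    # Key first: O_EXCL refuses to overwrite an existing key, and mode 0600
    # is applied at creation, so the key is never briefly world-readable.
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(key_pem)
    with open(cert_path, "w") as f:
        f.write(cert_pem)
    return cert_path, key_path


def check_pair(cert_path, key_path):
    """Return (ok, detail). ok is True only if both files parse as PEM and
    the private key matches the public key in the certificate."""
    ctx = ssl.create_default_context()  # client-side context
    try:
        ctx.load_cert_chain(certfile=cert_path, keyfile=key_path)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return False, str(exc)
    return True, "certificate and private key parse and match"


# Constructed placeholders standing in for a truncated or corrupted paste.
SAMPLE_CERT = ("-----BEGIN CERTIFICATE-----\n"
               "constructed placeholder, not a real certificate\n"
               "-----END CERTIFICATE-----\n")
SAMPLE_KEY = ("-----BEGIN PRIVATE KEY-----\n"
              "constructed placeholder, not a real key\n"
              "-----END PRIVATE KEY-----\n")

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_pair.py <certificate.pem> <private_key.pem>")
    ok, detail = check_pair(sys.argv[1], sys.argv[2])
    print(("OK: " if ok else "FAILED: ") + detail)
    sys.exit(0 if ok else 1)
```

A FAILED result means the paste was truncated or the certificate and key belong to different pairs; copy them again while the Preview Certificate dialog box is still open.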

Associate a client certificate with domain names

  1. Log on to the DCDN console.

  2. In the left-side navigation pane, click Websites.

  3. On the Websites page, find the website that you want to manage, and click the website name or View Details in the Actions column.

  4. In the left-side navigation pane, click SSL/TLS.

  5. In the Domain Names section of the Client Certificates page, click Configure.

  6. Specify domain names in the Domain Name field.

    Note
    • The specified domain names must be subdomains of the website.

    • You can associate a client certificate with up to 50 subdomains of the website at the same time.

  7. Click OK.

Revoke a certificate

If you no longer use a certificate, you can revoke the certificate by using the following steps:

  1. Log on to the DCDN console.

  2. In the left-side navigation pane, click Websites.

  3. On the Websites page, find the website that you want to manage, and click the website name or View Details in the Actions column.

  4. In the left-side navigation pane, click SSL/TLS.

  5. Click Client Certificates. On the Client Certificates page, find the certificate and click Revoke in the Actions column.

  6. In the message that appears, select the I confirm that the certificate is no longer required check box and click OK.