ApsaraVideo Live supports HTTPS secure acceleration. You can deploy custom SSL certificates or SSL certificates hosted by Certificate Management Service to Alibaba Cloud CDN to enable HTTPS secure acceleration. This ensures the security of data transmission. This topic describes how to configure and renew an SSL certificate.
Background information
SSL certificates are classified into different types based on the validation levels. Different types of SSL certificates provide different levels of security and are suitable for different websites. For more information, see What is Certificate Management Service?
ApsaraVideo Live supports only certificates that are in the privacy enhanced mail (PEM) format. If your certificates are not in the PEM format, you must convert them into the PEM format. For more information about how to convert the certificate format, see Certificate formats.
The CRT file name extension is short for certificate. The certificate may be in PEM or distinguished encoding rules (DER) format. Before you convert the format of a certificate, check whether the certificate needs to be converted into other formats.
PEM is a text format. A PEM file starts with -----BEGIN ***----- and ends with -----END ***-----. The content between these lines is encoded by using the Base64 algorithm. Both the certificate and private key can be saved in this format. To distinguish a certificate from a private key, change the name extension of a private key file that is in PEM format to .key.
Before you begin
Make sure that your SSL certificate is in a valid format. For more information, see Certificate formats.
If you want to purchase a certificate, log on to the Certificate Management Service console to apply for a free certificate or purchase an advanced certificate.
Configure or renew the SSL certificate
Log on to the ApsaraVideo Live console.
In the left-side navigation pane, choose .
On the Certificates page, click Add Certificate.
In the Add Certificate panel, configure the parameters.
Configure the parameters that are described in the following table and click Next.
Parameter
Description
Certificate Type
By default, Certificate Management Service is selected.
Certificate Name
Select your certificate from the drop-down list.
Certificate (Public Key)
The public key is automatically generated after you select a certificate.
Private Key
The private key is automatically generated after you select a certificate. The private information is masked.
Select the domain name to be associated with the certificate.
NoteIf the selected domain name is already associated with a certificate, the existing certificate is replaced by the certificate added in this step.
You can renew or deploy certificates for multiple domain names at a time based on the association between certificates and domain names.
Click OK.
Query SSL certificates of domain names
Log on to the ApsaraVideo Live console.
In the left-side navigation pane, choose .
On the Certificates page, view the certificate information. You can view information such as Accelerated Domain Name, Certificate Name, and Certificate Status. The following table describes the states of an SSL certificate.
Certificate status
Description
Normal
The SSL certificate is valid.
Not Matched
If the domain name and the certificate do not match, you must renew the certificate. For more information, see the Configure or renew the SSL certificate section of this topic.
Pending Expiration
The SSL certificate is about to expire. Renew your certificate at the earliest opportunity. For more information, see Certificate renewal.
Expired
The SSL certificate has expired. You can renew the certificate based on your business requirements. For more information, see the Configure or renew the SSL certificate section of this topic.
Check whether HTTPS secure acceleration takes effect
After you upload an SSL certificate, the certificate takes effect within 1 minute. To verify whether the SSL certificate takes effect, you can send HTTPS requests to access resources. If the URL is displayed with a lock icon in the address bar of the browser, HTTPS secure acceleration works as expected.