ApsaraVideo Live supports HTTPS secure acceleration. You can upload a custom certificate or deploy a certificate hosted in Alibaba Cloud SSL Certificates Service to the CDN platform. This enables HTTPS secure acceleration and encrypts data transmissions across the network. This topic describes how to configure and update an HTTPS certificate.
Background information
Certificates are classified by validation level. Different types of certificates provide different levels of security and are suitable for different websites. For more information, see What is Certificate Management Service?.
ApsaraVideo Live supports only certificates in the Privacy-Enhanced Mail (PEM) format. If your certificate is not in PEM format, you must convert it. For more information about how to convert the format of a certificate, see Convert the format of a certificate.
The .crt file extension stands for certificate. The certificate may be in PEM or Distinguished Encoding Rules (DER) format. Before converting the format of a certificate, confirm whether conversion is required.
PEM is a text format. A PEM file starts with -----BEGIN ***----- and ends with -----END ***-----. The content between these lines is Base64-encoded. This format can store both a certificate and a private key. To distinguish a certificate from a private key, the file extension of a private key in PEM format is typically changed to .key.
Before you begin
Make sure that your HTTPS certificate is in a supported format. For more information, see Certificate format requirements.
To purchase a certificate, apply for a free trial certificate or a commercial certificate in the Certificate Management Service console.
Configure or update an HTTPS certificate
Log on to the ApsaraVideo Live console.
In the navigation pane on the left, choose .
On the Certificates page, click Add Certificate.
On the Configure Certificate page, set the certificate parameters:
Select a certificate, set the following parameters, and then click Next.
Parameter
Description
Certificate Type
By default, SSL Certificates Service is selected.
Certificate Name
Select your certificate from the drop-down list.
Certificate (Public Key)
This certificate is generated automatically after you select it.
Private Key
This value is automatically generated after you select a certificate, and the sensitive information remains hidden.
Set the domain name to associate with the certificate.
NoteIf a certificate is already deployed for the selected domain name, this operation overwrites the existing certificate.
You can deploy and update certificates in batches based on the association between certificates and domain names.
Click OK to complete the deployment and update.
Query certificates
On the Certificates page, you can view certificate information, such as Accelerated Domain Name, Certificate Name, and Certificate Status.
Certificate status | Description |
Normal | The domain name certificate is valid. |
Domain name does not match certificate | If the domain name and the certificate do not match, update the certificate immediately. For more information, see Configure or update an HTTPS certificate. |
Pending Expiration | The certificate is about to expire. Renew the certificate promptly. For more information, see SSL certificate renewal and expiration. |
Expired | The certificate has expired. You can update the expired certificate. For more information, see Configure or update an HTTPS certificate. |
Verify that the HTTPS configuration is effective
After you update an HTTPS certificate, the change takes effect across the network within one minute. To verify that the configuration is effective, access your resources using HTTPS. If a lock icon appears in the browser's address bar, HTTPS secure acceleration is enabled.