All Products
Search

This Product

    ApsaraVideo Live:Configure HTTPS secure acceleration

    Document Center

    ApsaraVideo Live:Configure HTTPS secure acceleration

    Last Updated:Sep 06, 2024

    HTTPS is used for secure communication over networks. As a secure version of HTTP, HTTPS encapsulates HTTP data by using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol. SSL or TLS is the security foundation of HTTPS.

    Benefits

    • HTTPS encrypts sensitive information such as session IDs and cookies before transmission. This prevents security threats caused by sensitive information leakage.

    • HTTPS checks data integrity during transmission to protect the data against man-in-the-middle (MITM) attacks, such as DNS hijacking and tampering.

    • ApsaraVideo Live allows you to configure HTTPS secure acceleration. After you enable the HTTPS secure acceleration feature for a domain name, you need to upload a certificate that matches the domain name and a private key. You can view, enable, disable, or change the certificate.

    • After you correctly configure and enable the certificate, HTTP and HTTPS accesses are supported. If the certificate that you configured does not match the domain name or you disable the certificate, only HTTP access is supported.

    Usage notes

    Related operations

    Operation

    Description

    Disable or enable HTTPS

    After you disable HTTPS, ApsaraVideo Live no longer supports HTTPS requests. In addition, ApsaraVideo Live deletes the SSL certificate and private key. After you enable HTTPS, you must upload the certificate and private key again to enable the certificate.

    View a certificate

    You can view a certificate. However, you cannot view a private key because it is sensitive. Keep your certificate information safe.

    Change or edit a certificate

    You can change or edit a certificate. It requires 5 minutes for an updated certificate to take effect. Exercise caution when you perform this operation.

    Certificate management

    • ApsaraVideo Live supports certificates purchased by using Certificate Management Service and custom certificates.

    • After you enable HTTPS secure acceleration for a domain name, you must upload a certificate and a private key, both of which must be in the PEM format.

    Note

    ApsaraVideo Live uses the NGINX-based Tengine web server. Therefore, ApsaraVideo Live supports only PEM certificates that can be read by NGINX.

    • ApsaraVideo Live supports only SSL/TLS handshakes that include Server Name Indication (SNI) information.

    • The uploaded certificate must match the private key. Otherwise, the certificate and private key fail the verification.

    • It requires 5 minutes for an updated certificate to take effect.

    • The system does not support private keys for which passwords are configured.

    Procedure

    Step 1: Purchase a certificate

    To enable HTTPS secure acceleration, you must upload a certificate that matches the domain name. To purchase a certificate, click Buy Now on the Certificate Management Service buy page. If you want to use a custom certificate, skip this step.

    Step 2: Configure the domain name

    1. Enable HTTPS secure acceleration.

      1. Log on to the ApsaraVideo Live console.

      2. In the left-side navigation pane, click Domain Names. The Domain Management page appears.

      3. Find the streaming domain that you want to configure and click Domain Settings in the Actions column.

      4. In the left-side navigation tree, choose Streaming Management > HTTPS Settings. On the page that appears, turn on HTTPS Certificate.

    2. Upload a certificate.

      • Alibaba Cloud Certificate Management Service: In the dialog box that appears, select Alibaba Cloud Security for Certificate Authority and then select a certificate that is purchased from Certificate Management Service.

      • Custom certificate: In the dialog box that appears, select Others for Certificate Authority. Then, specify the certificate name, certificate content, and private key. The certificate is stored in the Certificate Management Service console. You can view the certificate on the SSL Certificates page.

        Note

        Only certificates in the PEM format are supported.

    3. Configure the redirect type.

      Click Change Settings in the Force Redirect section.

      You can force clients to use HTTP or HTTPS by forcibly redirecting the original requests. For example, you set the redirect type to HTTP > HTTPS. When a client initiates an HTTP request, the server returns a 302 response to redirect the request to the HTTPS version of the web page.

      Default: HTTP and HTTPS requests are supported.

      HTTP > HTTPS: forces clients to use HTTPS.

      HTTPS > HTTP: forces clients to use HTTP.

    Step 3: Verify that the certificate takes effect

    After a certificate is uploaded, it takes effect within 1 minute. To verify that the certificate takes effect, send HTTPS requests to access resources. If the URL is displayed with a lock icon in the address bar of the browser, HTTPS secure acceleration is working as expected.111