After an SSL certificate is issued, you can create a certificate deployment task to immediately deploy the certificate to an Alibaba Cloud service or deploy the certificate to the service at a specific point in time. Then, the certificate can implement trusted identity authentication and ensure the security of data transmission for your business website. This topic describes how to deploy a certificate to an Alibaba Cloud service in the Certificate Management Service console.
Limits
You can deploy a certificate only to the following Alibaba Cloud services in the Certificate Management Service console: Serverless App Engine (SAE) - Gateway Routing, Microservices Engine (MSE) - Cloud-native Gateway, API Gateway, Global Accelerator (GA), Function Compute, Object Storage Service (OSS), Web Application Firewall (WAF), Application Load Balancer (ALB), Network Load Balancer (NLB), Alibaba Cloud CDN (CDN), Dynamic Content Delivery Network (DCDN), and Anti-DDoS Proxy.
If you want to deploy a certificate to other Alibaba Cloud services or if you want to deploy an SM certificate, contact your account manager or refer to the related service documentation. You can deploy SM certificates only to CDN, DCDN, and Anti-DDoS. The following table provides the references for deploying certificates on specific cloud services.
Cloud service | References |
CDN | |
DCDN | |
Anti-DDoS |
If issues occur when you deploy certificates, contact your account manager.
Prerequisites
A certificate is issued. For more information, see Purchase an SSL certificate and Apply for an SSL certificate.
The first time you deploy a certificate to a cloud service, you must enable HTTPS for the cloud service and configure the related settings in the console of the cloud service. If issues occur, contact your account manager.
If you want to deploy uploaded certificates, you must purchase a deployment quota. For more information, visit the deployment quota buy page.
If you deploy official certificates, the deployment quota is not consumed.
Procedure
Log on to the Certificate Management Service console.
In the left-side navigation pane, choose .
On the Deployment to Cloud Services page, click Create Task and perform the following steps to deploy a certificate:
The first time you use the deployment feature, you must complete authorization based on the instructions. After you complete authorization, you can create a deployment task.
In the Configure Basic Information step, configure the following parameters and click Next.
Parameter
Description
Task Name
Specify a name for the deployment task.
Contact
Select a contact to receive notifications for the deployment task. You can select up to 10 contacts.
Deployed At
Deploy: If you select this option, the certificate is immediately deployed to the Alibaba Cloud service.
Custom Time: If you select this option, you must specify the point in time at which you want the deployment task to run. The system starts the deployment task at the specified point in time.
In the Select Certificate step, select one or more certificates for the cloud service and click Next.
Parameter
Description
Certificate Type
The type of the certificates that you want to deploy. You can deploy an official certificate or an uploaded certificate.
You can select only one certificate type for a deployment task.
If you deploy an uploaded certificate, the deployment quota is consumed.
In the Select Resource step, select one or more cloud services and resources and click Preview and Submit.
The system intelligently matches cloud service resources based on the selected certificates. The system does not match cloud service resources for which HTTPS is disabled. You can click OK in the Prompt message to add the matched cloud service resources to the Selected Resources section. You can change the selected cloud service resources based on your business requirements.
NoteThe system automatically identifies and synchronizes the resources of all cloud services. If the required resources are not found, click Intelligently Match Cloud Service Resources above the resource list.
In the Task Preview panel, confirm the information about the certificates and cloud services and click Submit.
The panel displays the number of certificates that match the cloud services and the amount of deployment quota to be consumed.
If the number of certificates is 0, the certificate does not match the cloud service resources. In this case, the deployment task fails. Check the certificates that you selected.
The amount of deployment quota to be consumed is determined based on the number of resources that match the certificates. If the deployment task fails, the amount of deployment quota that is consumed by the deployment task is reverted.
What to do next
View the details of the deployment task
On the Deployment to Cloud Services page, find the deployment task and click Details in the Actions column.
On the task details page, view the certificate deployment status of resources on each cloud service tab. If a certificate fails to be deployed to a resource, you can view the cause in the Actions column.
If no cause is provided, contact your account manager.
Roll back the deployment task
After the deployment task is complete, you can perform the following steps to roll back the deployment task if the deployed certificates do not meet your requirements or if you want to undo the deployment for specific reasons:
On the Deployment to Cloud Services page, find the deployment task and click Details in the Actions column.
On the task details page, click the related cloud service tab, find the required resource, and then click Roll Back in the Actions column.
After the rollback is complete, the status of the deployment task changes to Rolled Back.
Delete the deployment task
After you delete a deployment task, it cannot be restored. Proceed with caution.
On the Deployment to Cloud Services page, find the deployment task and click Delete in the Actions column. You can also select multiple deployment tasks and click Delete below the task list.
References
For more information about how to deploy a certificate to a cloud server such as an Elastic Compute Service (ECS) instance or a simple application server, see Deploy a certificate to an ECS instance or a simple application server.