All Products
Search

This Product

    Certificate Management Service:Deploy a certificate to a cloud service of a third-party cloud

    Document Center

    Certificate Management Service:Deploy a certificate to a cloud service of a third-party cloud

    更新時間:Oct 14, 2024

    If you use a third-party cloud service and an SSL certificate is issued, you can deploy the certificate to the third-party cloud service by using Certificate Management Service. This simplifies certificate migration and configuration.

    Supported third-party cloud services

    Cloud platform

    Cloud service

    Tencent Cloud

    • Content Delivery Network (CDN)

    • Classic Load Balancer (CLB)

    • Web Application Firewall (WAF)

    Amazon Web Services (AWS)

    • Amazon CloudFront

    • Load Balancing, including Application Load Balancer (ALB), Network Load Balancer (NLB), and CLB

    Huawei Cloud

    • CDN

    • Elastic Load Balance (ELB)

    Note

    If you want to deploy certificates to other cloud services, contact your account manager.

    Deployment description

    • If you want to deploy uploaded certificates, make sure that a deployment quota is purchased. For more information, visit the deployment quota buy page.

    • If you want to deploy official certificates, the deployment quota is not consumed.

    Step 1: Add an account of a third-party cloud service provider

    Before you deploy a certificate to a third-party cloud service, you must grant the required permissions to the related third-party cloud account or sub-account, and add the AccessKey pair of the account or sub-account to Alibaba Cloud.

    1. Log on to the Certificate Management Service console.

    2. In the left-side navigation pane, choose Comprehensive Management > Multi-cloud AK Management.

    3. On the Multi-cloud AK Management page, click Add Authorization.

    4. Click the required cloud service provider. In the panel that appears, configure an account of the cloud service provider based on the instructions.

      In the following steps, a sub-account of Tencent Cloud is used as an example.

      1. Log on to the Tencent Cloud console, go to the User List page and click Create User.

      2. On the Create User page, click Quick Creation.

      3. On the Quick Creation page, configure the user information.

        image

        • Username: Enter a username.

        • Access Method: Click the image icon and select Programming access.

        • User permissions: Click the image icon. Then, select QcloudSSLFullAccess and the policy that grants read and write permissions on the required cloud service. For example, if you want to deploy an Alibaba Cloud certificate to Tencent Cloud CDN, select QcloudSSLFullAccess and QcloudCDNFullAccess. QcloudSSLFullAccess grants the read and write permissions on Tencent Cloud SSL Certificate Service. QcloudCDNFullAccess grants the read and write permissions on Tencent Cloud CDN.

        The following figure shows an example of the information about a newly created user.

        image

      4. Log on to the Alibaba Cloud Certificate Management Service console. In the Submit AK step of the Edit Multi-cloud Configuration panel, configure a Tencent Cloud account or sub-account, and click OK.

    Step 2: Deploy a certificate to the third-party cloud service

    1. In the left-side navigation pane, choose Deployment and Resource Management > Multi-cloud Deployment.

    2. On the Multi-cloud Deployment page, click Create Task and deploy an Alibaba Cloud certificate to the third-party cloud service.

      1. In the Configure Basic Information step, specify an AccessKey pair, a contact, and a deployment time, and then click Next.

        Parameter

        Description

        Task Name

        The name of the deployment task.

        Select AK

        Select the AccessKey pair of the third-party cloud account that is added to Alibaba Cloud in Step 1. If no AccessKey pair is available, click Add New AK to add an AccessKey pair. For more information, see Supported third-party cloud services.

        Contact

        Select a contact to receive notifications for the deployment task. You can select up to 10 contacts.

        Deployed At

        • Deploy: If you select this option, the certificate is immediately deployed to the third-party cloud service.

        • Custom Time: If you select this option, specify the point in time at which you want to run the deployment task. The system runs the deployment task at the specified point in time.

      2. In the Select Certificate step, select one or more certificates for the third-party cloud service and click Next.

        Parameter

        Description

        Certificate Type

        If you deploy an uploaded certificate, the deployment quota is consumed.

      3. In the Select Resource step, select one or more cloud services and resources and click Preview and Submit. The system automatically identifies and synchronizes the resources of third-party cloud services.

      4. In the Task Preview panel, confirm the information about the certificates and cloud service and click Submit.

        The preview panel displays the number of certificates that match the cloud service and the amount of deployment quota to be consumed.

        • If the number of certificates is 0, the certificate does not match the cloud service resources. In this case, the deployment task fails. Check the certificates that you selected.

        • The amount of deployment quota to be consumed is determined based on the number of resources that match the certificates. If the resources match the certificates but the deployment task fails, the amount of deployment quota that is consumed by the deployment task is reverted.