Which Format Is Required of a Certificate to Be Uploaded to SCM?

Currently, only certificates in the PEM format can be uploaded to SCM.

Certificates in other formats can be uploaded only after being converted into those in the PEM format. For details, see How Do I Convert a Certificate to PEM Format?

Can I Download an Uploaded Certificate?

Your uploaded digital certificate and private key will be encrypted and stored on HUAWEI CLOUD. You cannot download the certificate and private key again. Therefore, back up and store your private key.

Is the Use of Certificate on the Original Platform Affected After Uploading?

No. Uploading a certificate does not affect the use of it on the original platform.

Certificate uploading can be regarded as copying a local certificate to HUAWEI CLOUD. The copy operation does not affect the use of the certificate.

Why Is a Message Indicating Insecurity Displayed When I Access the Domain Name After the Certificate Is Uploaded?

After a certificate is uploaded, you need to push the certificate to the corresponding cloud product and complete required configuration.

SCM supports the push of certificates to WAF, ELB, and CDN. After the push, the certificates can be configured in the corresponding HUAWEI CLOUD services. After the configuration succeeds, data access through the HUAWEI CLOUD services is more secure.

You need to use SCM to push a certificate to the corresponding HUAWEI CLOUD service, and then configure the certificate in the corresponding HUAWEI CLOUD service to enable the HTTPS service. Perform the following steps to complete the check.

1. Use SCM to push a certificate to other HUAWEI CLOUD services.

   For details, see Pushing an SSL Certificate to Other Cloud Services.

2. Configure the certificate in the corresponding HUAWEI CLOUD service.
   • ELB: If HTTPS data transmission encryption is required, you need to associate a certificate when creating an HTTPS listener. If you choose to push the certificate to ELB in one click, you can select the pushed certificate in ELB. Otherwise, you need to manually upload the certificate. For details about how to set ELB parameters, see Creating a Certificate.

     Generally, only server certificates need to be configured to authenticate servers for HTTPS-based business. For some key businesses, such as bank payment, two-way authentication is required for enhanced business security. For details about how to deploy certificates for two-way authentication, see Mutual Authentication.

   • CDN: To implement HTTPS security acceleration, you need to configure an HTTPS certificate for the acceleration domain name and deploy the certificate on CDN nodes on the entire network. If you choose to push the certificate to CDN in one click, you can select the pushed certificate in CDN. Otherwise, you need to manually upload the certificate. For details about how to set CDN parameters, see HTTPS Certificate Requirements.
   • WAF: You need to configure a certificate when adding a domain to WAF if HTTPS is used for communications between the client and WAF. If you choose to push the certificate to WAF in one click, you can select the pushed certificate in WAF. Otherwise, you need to manually upload the certificate. For details, see Adding a Domain Name.

     If a certificate has been configured in WAF, you only need to update the certificate. For details, see Updating a Certificate.

   If you have any questions during the configuration, refer to the corresponding service documentation or contact the corresponding service personnel.