If you select Upload a CSR for CSR when applying for a certificate, the certificate file does not contain the certificate private key file after the certificate is issued. As a result, an error is reported when you push the certificate to WAF, ELB, or CDN.

When you manually generate a CSR file, a private key file is also generated. Although you do not need to upload the private key file when uploading the CSR file, you need to keep the private key file properly.

SCM makes it easier for you to quickly deploy such certificates in WAF, ELB, and CDN. Alternatively, you can directly deploy such certificates in those services. The detailed operations are as follows:

• Using SCM
  1. Download a certificate.

     Download an issued certificate to the local PC. For details, see Downloading an SSL Certificate.

  2. Upload the certificate.

     Upload the certificate downloaded in 1 and the local private key file to SCM. For details, see Uploading an External Certificate.

  3. Push the certificate to WAF, ELB, or CDN.

     Push the uploaded certificate to WAF, ELB, and CDN with just few clicks. For details, see Pushing an SSL Certificate to Other Cloud Services.

     After the push, you need to complete required configuration in the corresponding service.

     • ELB: If HTTPS data transmission encryption is required, you need to associate a certificate when creating an HTTPS listener. If you choose to push the certificate to ELB in one click, you can select the pushed certificate in ELB. Otherwise, you need to manually upload the certificate. For details about how to set ELB parameters, see Creating a Certificate.

       Generally, only server certificates need to be configured to authenticate servers for HTTPS-based business. For some key businesses, such as bank payment, two-way authentication is required for enhanced business security. For details about how to deploy certificates for two-way authentication, see Mutual Authentication.

     • CDN: To implement HTTPS security acceleration, you need to configure an HTTPS certificate for the acceleration domain name and deploy the certificate on CDN nodes on the entire network. If you choose to push the certificate to CDN in one click, you can select the pushed certificate in CDN. Otherwise, you need to manually upload the certificate. For details about how to set CDN parameters, see HTTPS Certificate Requirements.
     • WAF: You need to configure a certificate when adding a domain to WAF if HTTPS is used for communications between the client and WAF. If you choose to push the certificate to WAF in one click, you can select the pushed certificate in WAF. Otherwise, you need to manually upload the certificate. For details, see Adding a Domain Name.

       If a certificate has been configured in WAF, you only need to update the certificate. For details, see Updating a Certificate.

• Not using SCM
  1. Download a certificate.

     Download an issued certificate to the local PC. For details, see Downloading an SSL Certificate.

  2. Upload the certificate to WAF, ELB, and CDN.

     Upload the certificate downloaded in 1 to a specific service, such as WAF, ELB, and CDN. For details, see the corresponding service documentation.