Updated on 2024-03-19 GMT+08:00

Adding, Modifying, or Deleting a Certificate

Scenarios

To enable authentication for securing data transmission over HTTPS, you can add certificates to your load balancers. You can also modify and delete certificates.

  • SSL Certificate Manager (SCM) allows you to purchase a certificate from Huawei Cloud or upload your own certificates for easier management.
  • A certificate can be bound to only one type of load balancer. Ensure that you have selected the correct type.
  • If you want to use the same certificate in two regions, you need to create one certificate in each region.

Adding a Certificate

  1. Log in to the management console.
  2. In the upper left corner of the page, select the desired region and project.
  3. Hover over the icon in the upper left corner to display Service List, then choose Network > Elastic Load Balance.
  4. In the navigation pane on the left, choose Certificates.
  5. Click Add Certificate. In the Add Certificate dialog box, configure the parameters.
    • Certificate Name
    • Certificate Type
      • Server certificate: used for SSL handshake negotiations if an HTTPS listener is used. Both the certificate content and private key are required.
      • CA certificate: issued by a certificate authority (CA) and used to verify the certificate issuer. If HTTPS mutual authentication is required, HTTPS connections can be established only when the client provides a certificate issued by a specific CA.
    • Enterprise Project
    • Certificate Content: The content must be in PEM format. This parameter is mandatory when Certificate Type is set to Server certificate or CA certificate.

      Click Upload and select the certificate to be uploaded. Ensure that your browser is of the latest version.

      The format of the certificate body is as follows:

      -----BEGIN CERTIFICATE-----
      Base64-encoded certificate
      -----END CERTIFICATE-----
    • Private Key: This parameter is mandatory when Certificate Type is set to Server certificate.

      Click Upload and select the private key to be uploaded. Ensure that your browser is of the latest version.

      The value must be an unencrypted private key. The private key must be in PEM format. The format is as follows:
      -----BEGIN PRIVATE KEY-----
      [key]
      -----END PRIVATE KEY-----
    • If there is a certificate chain, you need to configure the certificates in the following sequence: sub-certificate (server certificate), intermediate certificate, and root certificate. If the root certificate has been preset on the server and is not contained in the issued certificates, first configure the sub-certificate (server certificate) and then the intermediate certificate.

      For example, if a CA issued a private key private.key and two certificates: a sub-certificate (server certificate) server.cer and an intermediate certificate mid.crt, paste the content of server.cer in the Certificate text box, press Enter, then paste the content of mid.crt in the Certificate text box, and paste the content of private.key in the Private Key text box to make the entire certificate chain take effect. The format of the certificate body in a certificate chain is as follows:

      Certificate body
      -----BEGIN CERTIFICATE-----
      Content of the server certificate server.cer
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      Content of the intermediate certificate mid.crt
      -----END CERTIFICATE-----
      Private key
      -----BEGIN PRIVATE KEY-----
      Content of the private key private.key
      -----END PRIVATE KEY-----
    • Domain Name

      If the created certificate will be used for SNI, you need to specify a domain name for each certificate, and the domain name must be the same as that in the certificate.

    • Description
  6. Click OK.
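
A pre-upload check for the certificate chain order and private key format described in step 5, as an added example (not Huawei Cloud code). The names check_upload and sample_cert are hypothetical, the sample certificates are constructed DER skeletons rather than real certificates, and accepting only the PRIVATE KEY label is an assumption taken from the format shown on this page.

```python
import base64, re
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Raw DER of the issuer and subject Name fields of an X.509 certificate."""
    _, pos, _ = tlv(der, 0)             # Certificate SEQUENCE
    _, pos, _ = tlv(der, pos)           # tbsCertificate SEQUENCE
    tag, _, end = tlv(der, pos)
    pos = end if tag == 0xA0 else pos   # skip the optional [0] version
    fields = []                         # serial, sigAlg, issuer, validity, subject
    for _ in range(5):
        end = tlv(der, pos)[2]
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def check_upload(cert_body, private_key):
    """Return a list of problems (empty means the layout matches the page).
    Names are compared byte for byte; signatures are not verified."""
    blocks = PEM_RE.findall(cert_body)
    if not blocks or any(label != "CERTIFICATE" for label, _ in blocks):
        return ["certificate body must contain only CERTIFICATE blocks"]
    names = [issuer_subject(base64.b64decode(b64)) for _, b64 in blocks]
    problems = [f"certificate {i + 2} is not the issuer of certificate {i + 1}"
                for i in range(len(names) - 1) if names[i][0] != names[i + 1][1]]
    # Assumption: only the PRIVATE KEY label shown on the page is accepted.
    if re.findall(r"-----BEGIN ([A-Z0-9 ]+)-----", private_key) != ["PRIVATE KEY"]:
        problems.append("private key must be a single unencrypted PRIVATE KEY block")
    return problems

def _der(tag, body): return bytes([tag, len(body)]) + body  # short-form lengths only
def sample_cert(issuer, subject):
    """Constructed DER skeleton holding only the fields read above, not a real certificate."""
    name = lambda cn: _der(0x30, _der(0x0C, cn.encode()))
    tbs = (_der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _der(0x30, b"")
           + name(issuer) + _der(0x30, b"") + name(subject))
    b64 = base64.b64encode(_der(0x30, _der(0x30, tbs))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

SERVER = sample_cert("Constructed Intermediate CA", "www.example.com")
MID = sample_cert("Constructed Root CA", "Constructed Intermediate CA")
KEY = "-----BEGIN PRIVATE KEY-----\n[key]\n-----END PRIVATE KEY-----\n"  # placeholder body
```

Calling check_upload(SERVER + MID, KEY) returns an empty list; swapping the two certificates, pasting the key into the certificate body, or supplying an ENCRYPTED PRIVATE KEY block each returns a specific problem string.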

Modifying a Certificate

  1. Log in to the management console.
  2. In the upper left corner of the page, select the desired region and project.
  3. Hover over the icon in the upper left corner to display Service List, then choose Network > Elastic Load Balance.
  4. In the navigation pane on the left, choose Certificates.
  5. Locate the certificate and click Modify in the Operation column.
  6. Modify the parameters as required.
  7. Confirm the information and click OK.

Deleting a Certificate

Only certificates that are not in use can be deleted.

  1. Log in to the management console.
  2. In the upper left corner of the page, select the desired region and project.
  3. Hover over the icon in the upper left corner to display Service List, then choose Network > Elastic Load Balance.
  4. In the navigation pane on the left, choose Certificates.
  5. Locate the certificate and click Delete in the Operation column.
  6. Click Yes.