Help Center/ Cloud Bastion Host/ User Guide (Ally Region)/ Login Security Configuration/ Updating a System Web Certificate
Updated on 2025-12-10 GMT+08:00
View PDF
Share

Updating a System Web Certificate

A web certificate for a bastion host is a Secure Sockets Layer (SSL) server digital certificate issued by a trusted root certificate authority (CA). The certificate is used to verify the website identity and secure connections.

A secure self-issued certificate is configured for each bastion host by default, but this certificate takes effect only within certain scope and period. You can replace it with your own certificate.

This topic describes how to update the system certificate if it expires or fails a security check.

Prerequisites

  • You have purchased and downloaded an SSL certificate.
  • The domain name the uploaded certificate is used for has been resolved to the EIP bound to the bastion host.
  • You have the management permissions for the System module.

Constraints

  • Currently, only the Java Keystore certificate file of Tomcat, that is, the certificate file in .jks is supported.
  • Currently, the bastion host system supports the following certificate cryptographic algorithms: RSA and ECDSA.
  • A certificate file cannot exceed 20 KB and must contain a certificate password. When you upload an SSL certificate, provide its password for verification, or the upload will fail.

Procedure

  1. Log in to your bastion host.
  2. Choose System > System Config > Security.
  3. In the Web Certificate configuration area, click Edit. The Web Certificate upload dialog box is displayed.
  4. Upload the certificate file downloaded in your computer.
  5. After the certificate file is uploaded, enter the Keystore password to verify the certificate.
  6. Click OK. You can then check the web certificate configuration of the current system user on the Security tab.
  7. If the bastion host is deployed in primary/standby mode, update the web certificates on the primary bastion host first. Then, switch to the standby bastion host, and update the web certificate on the standby bastion host by referring to 1 to 6. If the bastion host is deployed in single-node mode, skip this step.

    1. On the primary bastion host, choose System > System Maintain > System Mgmt.
    2. In the Maintenance area, click Restart next to Restart.

      After the restart, you can perform operations on the standby bastion host.