Deploying an SSL Certificate to ELB in One Click

Prerequisites

• You have an SSL certificate that is in Issued or Hosted status in CCM.
• You have enabled Elastic Load Balance (ELB).

Notes and Constraints

• You can use SCM to update the certificate deployed on listeners in ELB. If you update an SSL certificate in SCM, the certificate content and private keys are updated in ELB accordingly. ELB then updates the certificate content and private keys on all listeners where the certificate is deployed for.
• To update a certificate used for ELB in SCM, domain names must be associated with the certificate in ELB.
• If an ELB certificate is used for multiple domain names, ensure that the new certificate you want to update in SCM for ELB must match with those domain names. If they do not match, the domain names in the new certificate will overwrite the ones in the original certificate after the update.

  For example, the primary domain name and additional domain name of the new certificate are example01.com and example02.com, respectively, and the domain names associated with the original certificate in ELB are example01.com and example03.com. When you update the certificate in SCM, the domain names associated with the certificate in ELB are updated to example01.com and example02.com.

• If you select Upload a CSR for CSR when applying for a certificate, the issued certificate cannot be directly deployed to other cloud products through SCM. To use a certificate in a cloud product, download the certificate to your local PC first. Then, upload it to the cloud product and complete deployment.

Creating a Listener and a Load Balancer

Before you start, you need to create a load balancer and listener in ELB. For details, see:

• Creating a Load Balancer
  • Creating a Shared Load Balancer.
  • Creating a Dedicated Load Balancer
• Adding an HTTPS Listener

Configuring an SSL Certificate in ELB

If you deploy an SSL certificate on ELB for the first time, you need to configure the certificate on ELB so that you can deploy the SSL certificate to ELB using SCM. For details about creating a certificate in ELB, see Creating a Certificate.

When creating a certificate, ensure that the domain name you enter must be the same as that included in the SSL certificate.

Deploying an SSL Certificate to ELB

1. Log in to the management console.
2. Click in the upper left corner of the page and choose Security & Compliance > Cloud Certificate Management Service.
3. In the navigation pane on the left, choose SSL Certificate Manager.
4. Locate the row containing the certificate you want to deploy on other cloud product, and click Deploy in the Operation to go to the certificate deployment details page.
   Figure 1 Deploying a certificate
   

5. On the displayed page, select ELB in the Deployment Details area.
   Figure 2 Selecting a cloud product
   

6. Click on the right of the Region drop-down list and select the region where you want to deploy the certificate.
7. Select the domain name you want to update the certificate for and click Update Certificate in the Operation column.
   To update certificates for multiple domain names, select all the target domain names and click Batch Update above the domain name list.

   Figure 3 Updating a certificate
   

8. In the displayed confirmation dialog box, click Confirm.
   Figure 4 Certificate update confirmation box
   

   If a message indicating that the certificate is updated successfully is displayed, the SSL certificate is updated for ELB.

Replacing a Certificate Before It Expires

An SSL certificate issued by any CA around the world is valid for one year. You need to update an SSL certificate in a timely manner. Once your new certificate is issued, replace the old one with it by referring to Deploying an SSL Certificate to ELB.