Updated on 2022-11-23 GMT+08:00

Deploying an SSL Certificate to WAF in One Click

Prerequisites

  • You have an SSL certificate that is in Issued or Hosted status in CCM.
  • You have enabled Web Application Firewall (WAF).

Notes and Constraints

  • Currently, you can use SCM to quickly deploy an SSL certificate to WAF in the default enterprise project only. For other enterprise projects, download the certificates first, upload them to WAF, and then deploy them in WAF.
  • If you select Upload a CSR for CSR when applying for a certificate, the issued certificate cannot be directly deployed to other cloud products through SCM. To use a certificate in a cloud product, download the certificate to your local PC first. Then, upload it to the cloud product and complete deployment.

Adding a Domain Name to WAF

Before deploying an SSL certificate to WAF, you need to add the domain name that will use the SSL certificate to WAF. For details, see:

When a domain name is added to WAF, HTTPS must be select for Client Protocol.

Deploying an SSL Certificate to WAF

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > Cloud Certificate Management Service.
  3. In the navigation pane on the left, choose SSL Certificate Manager.
  4. Locate the row containing the certificate you want to deploy on other cloud product, and click Deploy in the Operation to go to the certificate deployment details page.

    Figure 1 Deploying a certificate

  5. On the displayed page, select WAF in the Deployment Details area.
  6. Select the domain name you want to deploy the certificate for and click Redeploy in the Operation column.

    To deploy a certificate for multiple domain names, select all the target domain names and click Deploy above the domain name list.

    Figure 2 Deployment Details

  7. Click on the right of the Region drop-down list and select the region where you want to deploy the certificate.
  8. In the displayed confirmation dialog box, click Confirm.

    When the certificate is deployed, the Status column for the domain name reads Deployed.

Replacing a Certificate Before It Expires

An SSL certificate issued by any CA around the world is valid for one year. You need to update an SSL certificate in a timely manner. Once your new certificate is issued, replace the old one with it by referring to Deploying an SSL Certificate to WAF.