Updated on 2024-07-04 GMT+08:00

SSL Certificates

Secure Sockets Layer (SSL) is a security protocol designed to ensure the security and data integrity of Internet communications.

You can upload an SSL certificate to CCI. For HTTPS access, CCI automatically installs the certificate on the Layer-7 load balancer to encrypt data in transit.

  • Secrets and SSL certificates share the same quota.
  • You are advised to encrypt the uploaded SSL certificate.

SSL Certificate Introduction

An SSL certificate indicates compliance with the SSL protocol. It is issued to a server by a trusted digital certificate authority (CA) after the CA has verified the identity of the server. SSL certificates provide server authentication and data transmission encryption. After you install an SSL certificate, the server can encrypt the data transmitted between clients and the server, which prevents information leakage. In addition, the SSL certificate lets clients verify that the website they are visiting is authentic and reliable.

SSL certificates are classified into authoritative and self-signed certificates. Authoritative certificates are issued by CAs. You can obtain authoritative certificates from third-party certificate agents. By default, a client trusts websites that use authoritative certificates. Self-signed certificates are issued by users themselves, typically using OpenSSL. By default, clients do not trust self-signed certificates. The browser displays a warning when you access a website that uses a self-signed certificate. You can continue to access the website by ignoring the warning.

Application Scenarios

After you install an SSL certificate, a server can encrypt the data transmitted between clients and the server and prevent information leakage. To enable secure public network access for a web application in CCI, set the workload access mode to Internet access and the ELB protocol to HTTPS, and then select the certificate for Internet access during workload creation.

Adding a Certificate

  1. Log in to the CCI console. In the navigation pane on the left, choose Configuration Center > SSL Certificates. On the page displayed, select a namespace and click Add Certificate.
  2. Specify the name and description of the SSL certificate.

    Certificate name: Enter 1 to 253 characters starting and ending with a letter or digit. Only lowercase letters, digits, hyphens (-), and periods (.) are allowed. Do not enter two consecutive periods or a period adjacent to a hyphen.

  3. Upload the certificate file and private key file.

    • .crt and .cer certificate files are supported, and the file size cannot exceed 1 MB. Ensure that the file content complies with the corresponding CRT or CER format.
    • .key and .pem private key files are supported, and the file size cannot exceed 1 MB. You cannot encrypt private keys.
    Figure 1 Uploading SSL certificate files

  4. Click Add.
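
A pre-upload check for the rules in steps 2 and 3, as an added example that is not part of the original page and is not CCI's own code. The function names and sample data are hypothetical, and three points are assumptions: 1 MB is read as 1,048,576 bytes, extensions are matched case-sensitively, and an encrypted key is recognized by its PEM markers.

```python
import re

MAX_BYTES = 1024 * 1024            # "1 MB" read as 1 MiB (assumption)
CERT_EXTS = (".crt", ".cer")       # certificate extensions listed in step 3
KEY_EXTS = (".key", ".pem")        # private key extensions listed in step 3

# Every period-separated label must start and end with a letter or digit.
# That single rule excludes "..", ".-" and "-." as well as a leading or
# trailing hyphen or period.
_LABEL = r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"
_NAME_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")

def check_name(name: str) -> bool:
    """Apply the certificate-name rule from step 2."""
    return 1 <= len(name) <= 253 and _NAME_RE.fullmatch(name) is not None

def key_is_encrypted(key_bytes: bytes) -> bool:
    """Detect a passphrase-protected PEM key by its markers."""
    text = key_bytes.decode("ascii", errors="replace")
    return ("-----BEGIN ENCRYPTED PRIVATE KEY-----" in text  # PKCS#8
            or "Proc-Type: 4,ENCRYPTED" in text)             # legacy OpenSSL PEM

def check_upload(name, cert_name, cert_bytes, key_name, key_bytes):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if not check_name(name):
        problems.append("invalid certificate name")
    if not cert_name.endswith(CERT_EXTS):
        problems.append("certificate file must be .crt or .cer")
    if not key_name.endswith(KEY_EXTS):
        problems.append("private key file must be .key or .pem")
    if len(cert_bytes) > MAX_BYTES:
        problems.append("certificate file exceeds 1 MB")
    if len(key_bytes) > MAX_BYTES:
        problems.append("private key file exceeds 1 MB")
    if key_is_encrypted(key_bytes):
        problems.append("private key is encrypted")
    return problems

# Constructed sample data: placeholder bodies, not real key material.
PLAIN_KEY = b"-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
ENC_KEY = b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END ENCRYPTED PRIVATE KEY-----\n"
CERT = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print(check_upload("web-tls.example", "site.crt", CERT, "site.key", PLAIN_KEY))
    print(check_upload("web..tls", "site.crt", CERT, "site.pem", ENC_KEY))
```

The check covers only what the page states; it does not parse the certificate or confirm that the key matches it.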

Using an SSL Certificate

When a service has public network access, you can use the SSL certificate and set the ELB protocol to HTTPS.

During workload creation, set the workload access mode to Internet access and the ELB protocol to HTTP/HTTPS, and select the SSL certificate. The SSL certificate will be automatically installed on the ELB to encrypt data before it is transmitted.

Figure 2 Using an SSL certificate

After you create the workload, CCI will create a certificate for the load balancer and name the certificate after the workload. If a certificate with a name starting with beethoveen-cci-ingress is created on CCI, do not delete or update it. Otherwise, an access exception may occur.

Updating and Deleting an SSL Certificate

  • You can update a certificate before it expires. Workloads that use the certificate are updated with it at the same time.
  • Do not delete a certificate that is being used by a workload. Otherwise, the workload may become inaccessible.