Updated on 2023-10-20 GMT+08:00

Pushing an SSL Certificate to Other Cloud Services

After an SSL certificate is issued, you can push it to other Huawei Cloud services, such as Web Application Firewall (WAF), Elastic Load Balance (ELB), and Content Delivery Network (CDN), in just a few clicks. Once the certificate is configured on the target service, access through that service is protected by HTTPS.

Prerequisites

The certificate is in the Issued or Hosted state.

Constraints

  • When pushing a certificate to WAF, the certificate can be pushed to domain names in the default enterprise project only. You can share the certificate with other enterprise projects through the default project in WAF. For details, see Sharing a Certificate with other Enterprise Projects.
  • For CDN, the name of the SSL certificate you push cannot be the same as the name of an existing SSL certificate. Otherwise, the push fails.
  • If you choose to manually generate a CSR when applying for a certificate, the issued certificate cannot be pushed to other cloud services.
  • If you have not purchased a given cloud service, or the service is not available for the domain name associated with your certificate, do not push the certificate to that service because the push may fail.
  • A certificate can be pushed to a given product only once in SCM. If you push a certificate that has already been pushed or uploaded to a cloud product, the push fails.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > Cloud Certificate Management Service. The service console is displayed.
  3. In the navigation pane, choose SSL Certificate Manager > SSL Certificates.
  4. In the Operation column of the certificate you want to push, click More > Push to go to the certificate push details page.
  5. Select the cloud service you wish to push the certificate to.

    Figure 1 Selecting a cloud service

  6. (Optional) Perform this step if a certificate is to be pushed to WAF or ELB.

    Click on the right of the target project and select the target region. You can select up to 10 regions.

    Figure 2 Selecting the destination region

  7. Click Push Certificate at the lower right corner of the page.

    If a message is displayed indicating that the certificate was pushed successfully, the SSL certificate has been pushed to the target service.

    Pushing the certificate does not by itself enable HTTPS. You still need to configure the certificate on the console of the target service to enable HTTPS for it.

  8. Check whether you need to immediately access the console of the target service to configure the certificate.

    • If yes, click Configure Now. The management page of the target service is displayed. Configure the certificate.
    • If no, click Continue Pushing or in the upper right corner of the page. The certificate push page or SSL certificate management page is displayed.

      You can access the console of the target service for certificate management.

    You can view the latest 10 push records on the certificate push page.

Follow-up Operation

You can manage pushed certificates on the console of the corresponding service.

If you have any questions during the configuration, refer to the corresponding service documentation or consult the corresponding service personnel.

  • ELB: If HTTPS data transmission encryption is required, you need to associate a certificate when creating an HTTPS listener. If you choose to push the certificate to ELB in one click, you can select the pushed certificate in ELB. Otherwise, you need to manually upload the certificate. For details, see Creating, Modifying, or Deleting a Certificate.

    Generally, only a server certificate needs to be configured, to authenticate the server for HTTPS-based services. For some key services, such as bank payment, two-way authentication is required for enhanced security. For details, see HTTPS Two-way Authentication.

  • CDN: To implement HTTPS security acceleration, you need to configure an HTTPS certificate for the acceleration domain name and deploy the certificate on CDN nodes on the entire network. If you choose to push the certificate to CDN in one click, you can select the pushed certificate in CDN. Otherwise, you need to manually upload the certificate. For details, see HTTPS Certificates.
  • WAF: You need to configure a certificate when adding a domain to WAF if HTTPS is used for communications between the client and WAF. If you choose to push the certificate to WAF in one click, you can select the pushed certificate in WAF. Otherwise, you need to manually upload the certificate. For details, see WAF Certificate Configuration.

    If the certificate has been configured in WAF, you only need to update it. For details, see Updating a Certificate.