Client Certificates

Prerequisites

• You have configured an international HTTPS certificate. For details, see Configuring an HTTPS Certificate.
• You have applied for a client CA certificate.

Precautions

• A client certificate cannot be configured for domain names with special configurations.
• After a client certificate is configured, if the domain name in the SNI of a client request is not the acceleration domain name, the client request may be blocked and status code 403 will be returned.

Procedure

1. Log in to Huawei Cloud console. Choose Service List > Content Delivery & Edge Computing > Content Delivery Network.

   The CDN console is displayed.

2. In the navigation pane, choose Domains.
3. In the domain list, click the target domain name or click Configure in the Operation column.
4. Click the HTTPS Settings tab.
5. In the Client Certificate area, click Edit. The Configure Client Certificate dialog box is displayed.
   Figure 1 Configuring a client certificate
   

   Table 1 Parameters

   Parameter	Description
   Certificate	Content of the client CA certificate. Only the PEM format is supported. You can configure up to 20 CA certificates. Each certificate chain can contain up to four levels. The common name (CN) of a certificate must be unique.
   Domain Names (Optional)	Domain names specified in the client CA certificate. Leave this parameter blank to allow all requests from clients that hold the CA certificate. Enter up to 100 domain names. Separate them by commas (,) or enter one domain per row. If you configure multiple certificates, all certificates share the domain names.

6. Enable the Status switch, enter the certificate content, and click OK.
   • After the configuration is complete, a CDN PoP verifies the client certificate when a client requests resources using HTTPS. If the verification is successful, the PoP returns the resource to the client. If the verification fails, the access is rejected.