Adding a Certificate
Scenarios
To enable authentication for securing data transmission over HTTPS, ELB allows you to bind certificates to HTTPS listeners of a load balancer.
- Server certificate: You can purchase a certificate from SSL Certificate Manager (SCM) or upload your own certificates.
- CA certificate: You can only upload your own CA certificates.
- Server SM certificate: You can purchase a certificate from SSL Certificate Manager (SCM) or upload your own certificates.
If you want to use the same certificate in two regions, you need to add a certificate in each region.
Adding a Server Certificate
- Log in to the management console.
- In the upper left corner of the page, click and select the desired region and project.
- Click in the upper left corner to display Service List and choose Networking > Elastic Load Balance.
- In the navigation pane on the left, choose Certificates.
- Click Add Certificate on the top right corner and set parameters by referring to Table 1.
Table 1 Server certificate parameters Parameter
Description
Certificate Type
Specifies the certificate type. Select Server certificate.
- Server certificate: used for SSL handshake negotiations if an HTTPS listener is used. Both the certificate content and private key are required.
- CA certificate: issued by a certificate authority (CA) and used to verify the certificate issuer. If HTTPS mutual authentication is required, HTTPS connections can be established only when the client provides a certificate issued by a specific CA.
Source
Specifies the source of a certificate. You can purchase a certificate from SCM or upload your own certificates.
- SSL Certificate Manager (SCM): server certificate provided by SCM. You need to buy a certificate or upload your own certificates to the SCM console.
- Your certificate: You need to upload the certificate content and private key of your own certificate to the ELB console.
NOTE:You are advised to use SCM to manage your certificates.
Certificate
This parameter is only available for SCM certificates.
You can select certificates provided by SCM.
Certificate Name
Specifies the name of your certificate.
This parameter is only available for your certificates.
Enterprise Project
Specifies an enterprise project by which cloud resources and members are centrally managed.
Certificate Content
Specifies the content of a certificate. This parameter is only available for your certificates.
The content must be in PEM format.
Click Upload and select the certificate to be uploaded. Ensure that your browser is of the latest version.
The format of the certificate body is as follows:
-----BEGIN CERTIFICATE----- Base64–encoded certificate -----END CERTIFICATE-----
Private Key
Specifies the private key of a certificate. This parameter is only available for your certificates.
Click Upload and select the private key to be uploaded. Ensure that your browser is of the latest version.
The value must be an unencrypted private key. The private key must be in PEM format as follows:-----BEGIN PRIVATE KEY----- [key] -----END PRIVATE KEY-----
SNI Domain Name (Optional)
The domain name must be specified if the certificate is intended for SNI.
A domain name can contain only letters, digits, and hyphens (-) and consist of multiple labels (max. 63 characters each) separated by periods (.). It cannot start or end with a hyphen (-).
You can specify up to 100 domain names, separated by commas (,). A domain name can contain a maximum of 100 characters, and the total length cannot exceed 10,000 characters.
Description
(Optional) Provides supplementary information about the certificate.
Adding a CA Certificate
- Log in to the management console.
- In the upper left corner of the page, click and select the desired region and project.
- Click in the upper left corner to display Service List and choose Networking > Elastic Load Balance.
- In the navigation pane on the left, choose Certificates.
- Click Add Certificate on the top right corner and set parameters by referring to Table 2.
Table 2 CA certificate parameters Parameter
Description
Certificate Type
Specifies the certificate type. Select CA certificate.
- Server certificate: used for SSL handshake negotiations if an HTTPS listener is used. Both the certificate content and private key are required.
- CA certificate: issued by a certificate authority (CA) and used to verify the certificate issuer. If HTTPS mutual authentication is required, HTTPS connections can be established only when the client provides a certificate issued by a specific CA.
Certificate Name
Specifies the name of the CA certificate.
Enterprise Project
Specifies an enterprise project by which cloud resources and members are centrally managed.
Certificate Content
The content must be in PEM format.
Click Upload and select the certificate to be uploaded. Ensure that your browser is the latest version.
The format of the certificate body is as follows:
-----BEGIN CERTIFICATE----- Base64–encoded certificate -----END CERTIFICATE-----
Description
(Optional) Provides supplementary information about the certificate.
- Click OK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot