Certificate Management

This topic lists some frequently asked questions (FAQs) about how to use a certificate.

Why Cannot the SSL Certificate of Huawei Cloud SCM Be Viewed on WAF?

After an SSL certificate is managed by Huawei Cloud SCM, you need to push the certificate to WAF by so that it can be used in Huawei Cloud WAF.

Currently, certificates purchased in Huawei Cloud SCM can be pushed only to the default enterprise project. For other enterprise projects, SSL certificates pushed by SCM cannot be used.

For details about how to push an SSL certificate from SCM to WAF, see Pushing an SSL Certificate to Other Cloud Services.

Why Cannot My Custom Enterprise Projects Use the SSL Certificate Pushed by Huawei Cloud SCM?

Currently, certificates purchased in Huawei Cloud SCM can be pushed only to the default enterprise project. For other enterprise projects, SSL certificates pushed by SCM cannot be used.

For details, see Pushing an SSL Certificate to Other Cloud Services.

How Do I Select a Certificate When Configuring a Wildcard Domain Name?

Each domain name must correspond to a certificate. A wildcard domain name can only be used for a wildcard domain certificate. If you only have single-domain certificates, you need to add domain names one by one in WAF.

Do I Need to Import the Certificates That Have Been Uploaded to ELB to WAF?

You can select a created certificate or import a new certificate. You need to import the certificate that has been uploaded to ELB to WAF.

How Do I Convert a Certificate into PEM Format?

Only .pem certificates can be used in WAF. If the certificate is not in .pem format, convert it into .pem locally by referring to Table 1 before uploading it.

**Table 1** Certificate conversion commands
Format	Conversion Method
CER/CRT	Rename the cert.crt certificate file to cert.pem.
PFX	Obtain a private key. For example, run the following command to convert cert.pfx into key.pem: openssl pkcs12 -in cert.pfx -nocerts -out key.pem -nodes Obtain a certificate. For example, run the following command to convert cert.pfx into cert.pem: openssl pkcs12 -in cert.pfx -nokeys -out cert.pem
P7B	Convert a certificate. For example, run the following command to convert cert.p7b into cert.cer: openssl pkcs7 -print_certs -in cert.p7b -out cert.cer Rename certificate file cert.cer to cert.pem.
DER	Obtain a private key. For example, run the following command to convert privatekey.der into privatekey.pem: openssl rsa -inform DER -outform PEM -in privatekey.der -out privatekey.pem Obtain a certificate. For example, run the following command to convert cert.cer into cert.pem: openssl x509 -inform der -in cert.cer -out cert.pem

Before running an OpenSSL command, ensure that the OpenSSL tool has been installed on the local host.
If your local PC runs a Windows operating system, go to the command line interface (CLI) and then run the certificate conversion command.

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot