Help Center> Elastic Load Balance> User Guide (ME-Abu Dhabi Region)> Certificate> Creating a Certificate
Updated on 2022-01-25 GMT+08:00
View PDF

Creating a Certificate

Scenarios

To enable authentication for securing data transmission over HTTPS, ELB allows you to deploy certificates on load balancers.

  • A certificate can be bound to one type of load balancer. Ensure that you have selected the correct type.

Create a Certificate

  1. Log in to the management console.
  2. In the upper left corner of the page, click and select the desired region and project.
  3. Click Service List. Under Network, click Elastic Load Balance.
  4. In the navigation pane on the left, choose Certificates.
  5. Click Create Certificate. In the Create Certificate dialog box, configure the following parameters:
    • Certificate Name
    • Certificate Type
      • Server certificate: used for SSL handshake negotiations when an HTTPS listener is added. Both the certificate content and private key are required.
      • CA certificate: issued by a certificate authority (CA) and used to verify the certificate issuer. If HTTPS mutual authentication is required, HTTPS connections can be established only when the client provides a certificate issued by a specific CA.
    • Certificate Content: The content must be in PEM format.

      Click Upload and select the certificate to be uploaded. Ensure that your browser is of the latest version.

    • Private Key

      Click Upload and select the private key to be uploaded. Ensure that your browser is of the latest version.

      The private key must be an unencrypted one, and its format is as follows: 
      -----BEGIN PRIVATE KEY-----
[key]
-----END PRIVATE KEY-----

      If a certificate chain is used, you need to configure the content and private keys of all certificates in sequence, starting from the sub-certificate, and ensure that the certificate content is configured in the same sequence as private keys. For example, if you have three certificates: sub-certificate, intermediate certificate, and root certificate, the first one to be configured is the sub-certificate, followed by the intermediate certificate, and the last one is the root certificate.

    • Domain Name

      If the created certificate is used for SNI, you need to specify a domain name. Only one domain name can be specified for each certificate, and the domain name must be the same as that in the certificate.

    • Description
  1. Click OK.

Delete a Certificate

Only certificates that are not in use can be deleted.

  1. Log in to the management console.
  2. In the upper left corner of the page, click and select the desired region and project.
  3. Click Service List. Under Network, click Elastic Load Balance.
  4. In the navigation pane on the left, choose Certificates.
  5. Locate the target certificate and click Delete in the Operation column.
  6. In the Delete Certificate dialog box, click Yes.

Modify a Certificate

  1. Log in to the management console.
  2. In the upper left corner of the page, click and select the desired region and project.
  3. Click Service List. Under Network, click Elastic Load Balance.
  4. In the navigation pane on the left, choose Certificates.
  5. Locate the target certificate and click Modify in the Operation column.
  6. In the Modify Certificate dialog box, modify the parameters.
  7. Click OK.

Bind a Certificate

  1. Log in to the management console.
  2. In the upper left corner of the page, click and select the desired region and project.
  3. Click Service List. Under Network, click Elastic Load Balance.
  4. Locate the target load balancer and click its name.
  5. Under Listeners, click Add Listener.
  6. In the Add Listener dialog box, set the parameters. When Frontend Protocol is set to HTTPS, a server certificate must be bound to the listener.
  7. Click OK.
Parent topic: Certificate