Updated on 2024-12-12 GMT+08:00

Adding a Certificate

Scenarios

To enable authentication for securing data transmission over HTTPS, ELB allows you to bind the following certificates to HTTPS listeners of a load balancer:

  • Server certificate: You can purchase a certificate from SSL Certificate Manager (SCM) or upload your own certificates.
  • CA certificate: You can only upload your own CA certificates.
  • Server SM certificates: You can purchase a certificate from SSL Certificate Manager (SCM) or upload your own certificates.

If you want to use the same certificate in two regions, you need to add a certificate in each region.

Adding a Server Certificate

  1. Go to the load balancer list page.
  2. In the navigation pane on the left, choose Certificates.
  3. Click Add Certificate on the top right corner and set parameters by referring to Table 1.
    Table 1 Server certificate parameters

    Parameter

    Description

    Certificate Type

    Specifies the certificate type. Select Server certificate.

    • Server certificate: used for SSL handshake negotiations if an HTTPS listener is used. Both the certificate content and private key are required.
    • CA certificate: issued by a certificate authority (CA) and used to verify the certificate issuer. If HTTPS mutual authentication is required, HTTPS connections can be established only when the client provides a certificate issued by a specific CA.

    Source

    Specifies the source of a certificate. You can purchase a certificate from SCM or upload your own certificates.

    • SSL Certificate Manager (SCM): server certificate provided by SCM. You need to buy a certificate or upload your own certificates to the SCM console.
    • Your certificate: You need to upload the certificate content and private key of your own certificate to the ELB console.
    NOTE:

    You are advised to use SCM to manage your certificates.

    Certificate

    This parameter is only available for SCM certificates.

    You can select certificates provided by SCM.

    Certificate Name

    Specifies the name of your certificate.

    This parameter is only available for your certificates.

    Enterprise Project

    Specifies an enterprise project by which cloud resources and members are centrally managed.

    Certificate Content

    Specifies the content of a certificate. This parameter is only available for your certificates.

    The content must be in PEM format.

    Click Upload and select the certificate to be uploaded. Ensure that your browser is of the latest version.

    The format of the certificate body is as follows:

    -----BEGIN CERTIFICATE-----
    Base64–encoded certificate
    -----END CERTIFICATE-----

    Private Key

    Specifies the private key of a certificate. This parameter is only available for your certificates.

    Click Upload and select the private key to be uploaded. Ensure that your browser is of the latest version.

    The value must be an unencrypted private key. The private key must be in PEM format as follows:
    -----BEGIN PRIVATE KEY-----
    [key]
    -----END PRIVATE KEY-----

    SNI Domain Name (Optional)

    The domain name must be specified if the certificate is intended for SNI.

    A domain name can contain only letters, digits, and hyphens (-) and consist of multiple labels (max. 63 characters each) separated by periods (.). It cannot start or end with a hyphen (-).

    You can specify up to 100 domain names, separated by commas (,). A domain name can contain a maximum of 100 characters, and the total length cannot exceed 10,000 characters.

    Description

    (Optional) Provides supplementary information about the certificate.

Adding a CA Certificate

  1. Go to the load balancer list page.
  2. In the navigation pane on the left, choose Certificates.
  3. Click Add Certificate on the top right corner and set parameters by referring to Table 2.
    Table 2 CA certificate parameters

    Parameter

    Description

    Certificate Type

    Specifies the certificate type. Select CA certificate.

    • Server certificate: used for SSL handshake negotiations if an HTTPS listener is used. Both the certificate content and private key are required.
    • CA certificate: issued by a certificate authority (CA) and used to verify the certificate issuer. If HTTPS mutual authentication is required, HTTPS connections can be established only when the client provides a certificate issued by a specific CA.

    Certificate Name

    Specifies the name of the CA certificate.

    Enterprise Project

    Specifies an enterprise project by which cloud resources and members are centrally managed.

    Certificate Content

    Specifies the content of the CA certificate. The certificate must be a PEM file.

    Click Upload and select the certificate to be uploaded. Ensure that your browser is of the latest version.

    The format of the certificate body is as follows:

    -----BEGIN CERTIFICATE-----
    Base64–encoded certificate
    -----END CERTIFICATE-----

    Description

    (Optional) Provides supplementary information about the certificate.

  4. Click OK.