Help Center/ Cloud Certificate Manager/ Best Practices/ Best Practices for SSL Certificate Manager/ Deploying SSL Certificates to the Cloud in One Click/ Deploying an SSL Certificate to ELB in One Click
Updated on 2024-12-17 GMT+08:00
View PDF
Share

Deploying an SSL Certificate to ELB in One Click

Prerequisites

  • You have an SSL certificate that is in Issued or Hosted status in CCM.
  • You have enabled Elastic Load Balance (ELB).

Notes and Constraints

  • You can use SCM to update the certificate deployed on listeners in ELB. If you update an SSL certificate in SCM, the certificate content and private keys are updated in ELB accordingly. ELB then updates the certificate content and private keys on all listeners where the certificate is deployed for.
  • If an ELB certificate is used for multiple domain names, ensure that the new certificate you want to update in SCM for ELB must match with those domain names. If they do not match, the domain names in the new certificate will overwrite the ones in the original certificate after the update.

    For example, the primary domain name and additional domain name of the new certificate are example01.com and example02.com, respectively, and the domain names associated with the original certificate in ELB are example01.com and example03.com. When you update the certificate in SCM, the domain names associated with the certificate in ELB are updated to example01.com and example02.com.

Creating a Listener and a Load Balancer

Before you start, you need to create a load balancer and listener in ELB. For details, see:

Configuring an SSL Certificate in ELB

If you deploy an SSL certificate on ELB for the first time, you need to configure the certificate on ELB so that you can deploy the SSL certificate to ELB using SCM. For details about creating a certificate in ELB, see Creating a Certificate.

When creating a certificate, ensure that the domain name you enter must be the same as that included in the SSL certificate.

(Optional) Upload Private Key

If you select Upload a CSR for CSR when applying for a certificate, you need to upload the private key to the cloud to deploy the issued certificate to other cloud services in one-click mode because the cloud does not have the private key of the certificate. If you select System generated CSR for CSR during certificate application, skip this step.

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > Cloud Certificate Management Service. The service console is displayed.
  3. In the navigation pane on the left, choose SSL Certificate Manager > SSL Certificates.
  4. In the Operation column of the target certificate, choose More > Upload Private Key.

    Figure 1 Uploading the private key

  5. In the displayed dialog box, click Upload and select a local private key file, or enter the certificate private key information in the text box according to the format.

    Figure 2 Uploading the private key file

  6. Click Submit.

    After the private key is uploaded successfully, the Deploy button of the certificate becomes available.

    Figure 3 Private key uploaded

Deploying an SSL Certificate to ELB

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > Cloud Certificate Management Service. The service console is displayed.
  3. In the navigation pane on the left, choose SSL Certificate Manager > SSL Certificates.
  4. Locate the row containing the certificate you want to deploy on other cloud product, and click Deploy in the Operation to go to the certificate deployment details page.

    Figure 4 Deploying a certificate

  5. On the displayed page, select ELB in the Deployment Details area.

    Figure 5 Selecting ELB

  6. Click on the right of the Region drop-down list and select the region where you want to deploy the certificate.
  7. Select the domain name you want to update the certificate for and click Update Certificate in the Operation column.

    To update the certificates for multiple domain names, select all the target domain names and click Batch Update above the domain name list.

  8. In the displayed dialog box, confirm the information, and click Confirm.

    If a message indicating that the certificate is updated successfully is displayed, the SSL certificate is updated for ELB.

Replacing a Certificate Before It Expires

An SSL certificate issued by any CA around the world is valid for one year. You need to update an SSL certificate in a timely manner. Once your new certificate is issued, replace the old one with it by referring to Deploying an SSL Certificate to ELB.