Updated on 2024-12-24 GMT+08:00

Updating a Certificate

If the purchased certificate is about to expire, you are advised to purchase a new certificate before the expiration date and update the certificate associated with the domain name in AAD.

To update the certificate associated with a domain name, you can associate a new certificate with the domain name in AAD.

  • The certificate takes effect 1 minute after it is updated. Therefore, update certificates in off-peak hours.
  • Certificate expiration has a great impact on the origin server. You are advised to update the certificate before it expires.
  • Each domain name must be associated with a certificate. A wildcard domain name can only be used for a wildcard domain certificate. If you have not purchased a wildcard domain certificate and have only a single-domain certificate, you can only add domain names one by one in AAD.

Updating a Certificate

  1. Log in to the management console.
  2. Select a region in the upper part of the page, click in the upper left corner of the page, and choose Security & Compliance > Anti-DDoS Service. The Anti-DDoS Service Center page is displayed.
  3. In the navigation pane on the left, choose Advanced Anti-DDoS > Domain Name Access. The Domain Name Access page is displayed.

    Figure 1 Domain name access

  4. Locate the row that contains the target domain name, and click Update in the Service Type column.
  5. In the displayed Update Certificate dialog box, upload a new certificate or select an existing certificate.

    • Manual: Enter the certificate name and paste the certificate and private key text. Currently, only PEM certificates are supported. For details about how to convert non-PEM certificates, see Table 1.
    • Automatic: Select an issued certificate.
    • Select an existing certificate: Select the certificate that is in use.
    Figure 2 Replacing a certificate
    Table 1 Certificate format conversion commands

    Format

    Conversion Method

    CER/CRT

    Rename the cert.crt certificate file to cert.pem.

    PFX

    Use OpenSSL to convert the certificate.

    Obtain a private key. For example, run the following command to convert cert.pfx into cert.key:

    openssl pkcs12 -in cert.pfx -nocerts -out cert.key -nodes

    Obtain a certificate. For example, run the following command to convert cert.pfx into cert.pem:

    openssl pkcs12 -in cert.pfx -nokeys -out cert.pem

    P7B

    Use OpenSSL to convert the certificate.

    1. Run the following command to convert the certificate: openssl pkcs7 -print_certs -in incertificat.p7b -out cert.cer
    2. Obtain the certificate content in cert.cer.
    3. Save the content in .pem format.

    DER

    Use OpenSSL to convert the certificate.

    1. Obtain a private key. For example, run the following command to convert privatekey.der into privatekey.pem:

      openssl rsa -inform DER -outform PEM -in privatekey.der -out privatekey.pem

    2. Obtain a certificate. For example, run the following command to convert cert.cer into cert.pem:

      openssl x509 -inform der -in cert.cer -out cert.pem

    Before running the openssl command in Windows, ensure that the OpenSSL tool has been installed.

  6. Click OK.