Updated on 2024-10-23 GMT+08:00

Client Certificates

You can configure a client certificate to enforce mutual certificate authentication between the clients and CDN PoPs, securing website communication.

Prerequisites

Precautions

  • A client certificate cannot be configured for domain names with special configurations.

Procedure

  1. Log in to Huawei Cloud console. Choose Service List > Content Delivery & Edge Computing > Content Delivery Network.

    The CDN console is displayed.

  2. In the navigation pane, choose Domains.
  3. In the domain list, click the target domain name or click Configure in the Operation column.
  4. Click the HTTPS Settings tab.
  5. In the Client Certificate area, click Edit. The Configure Client Certificate dialog box is displayed.
    Figure 1 Configuring a client certificate
    Table 1 Parameters

    Parameter

    Description

    Certificate

    Content of the client CA certificate. Only the PEM format is supported.

    Domain Names (Optional)

    Domain names specified in the client CA certificate.

    • Leave this parameter blank to allow all requests from clients that hold the CA certificate.
    • Enter up to 100 domain names. Separate them by commas (,) or enter one domain per row.
  1. Enable the Status switch, enter the certificate content, and click OK.
    • After the configuration is complete, a CDN PoP verifies the client certificate when a client requests resources using HTTPS. If the verification is successful, the PoP returns the resource to the client. If the verification fails, the access is rejected.