Updated on 2024-12-13 GMT+08:00

Pushing an SSL Certificate to Other Cloud Services

After an SSL certificate is issued, you can push it to other Huawei Cloud services, such as Web Application Firewall (WAF), Content Delivery Network (CDN), and Elastic Load Balance (ELB), in just a few clicks. The services can then use the certificate to serve traffic over HTTPS, which makes data access through them more secure.

Prerequisites

The certificate is in the Issued or Hosted status.

Constraints

  • For CDN, SSL certificate names cannot be the same as those of existing SSL certificates. Otherwise, they will fail to be pushed.
  • If you choose to manually generate a CSR when applying for a certificate, the issued certificate cannot be pushed to other cloud services.
  • If you have not purchased a given cloud service or the service is not available for the domain name associated with your certificate, do not push the certificate to it because the process may fail.
  • A certificate can only be pushed to a product once in SCM. If you push a certificate that has been pushed or uploaded to a cloud product, a push failure will occur.

Procedure

  1. Log in to the management console.
  2. Click the icon in the upper left corner of the page and choose Security & Compliance > Cloud Certificate Management Service. The service console is displayed.
  3. In the navigation pane on the left, choose SSL Certificate Manager > SSL Certificates.
  4. In the Operation column of the certificate you want to push, click More > Push to go to the certificate push details page.
  5. Select the cloud service you wish to push the certificate to.

    Figure 1 Selecting a cloud service

  6. (Optional) Set the target region. This step is required only when the certificate is to be pushed to ELB or WAF.

    Click the icon on the right of the target project and select the target region. You can select up to 10 regions.

    Figure 2 Selecting the destination region

  7. Click Push Certificate at the lower right corner of the page.

    If a message is displayed indicating that the push succeeded, the SSL certificate has been pushed to the target service.

    Pushing the certificate does not by itself enable HTTPS. You still need to configure the certificate on the console of the target service.

  8. Check whether you need to immediately access the console of the target service to configure the certificate.

    • If yes, click Configure Now. The management page of the target service is displayed. Configure the certificate.
    • If no, click Continue Pushing or the icon in the upper right corner of the page. The system returns to the certificate push page or SSL certificate management page.

      You can access the console of the target service for certificate management.

    You can view the latest 10 push records on the certificate push page.

Follow-up Operations

You can manage pushed certificates on the console of the corresponding service.

If you have any questions during the configuration, refer to the corresponding service documentation or consult the corresponding service personnel.

  • ELB: If HTTPS data transmission encryption is required, you need to associate a certificate when creating an HTTPS listener. If you choose to push the certificate to ELB in one click, you can select the pushed certificate in ELB. Otherwise, you need to manually upload the certificate. For details about how to set ELB parameters, see Creating a Certificate in ELB.

    Generally, HTTPS-based services only need a server certificate, which authenticates the server. For some critical services, such as bank payment, two-way authentication is required for enhanced security. For details about how to deploy certificates for two-way authentication, see Mutual Authentication.

  • CDN: To implement HTTPS security acceleration, you need to configure an HTTPS certificate for the acceleration domain name and deploy the certificate on CDN nodes on the entire network. If you choose to push the certificate to CDN in one click, you can select the pushed certificate in CDN. Otherwise, you need to manually upload the certificate. For details about how to set CDN parameters, see HTTPS Certificate Requirements.
  • WAF: You need to configure a certificate when adding a domain to WAF if HTTPS is used for communications between the client and WAF. If you choose to push the certificate to WAF in one click, you can select the pushed certificate in WAF. Otherwise, you need to manually upload the certificate. For details, see Adding a Domain Name.

    If a certificate has been configured in WAF, you only need to update the certificate. For details, see Updating a Certificate.