Adding an SSL Certificate
If the API group contains HTTPS-compatible APIs, add an SSL certificate for the independent domain name bound to the group. An SSL certificate is used for data encryption and identity authentication. It supports one-way and two-way authentication.
- One-way authentication: When connecting to a server, a client verifies whether the server is correct.
- Two-way authentication: When connecting to a server, a client verifies the server and the server also verifies the client.
Constraints
- Only SSL certificates in PEM format can be added.
- The added SSL certificates support only the RSA, ECDSA, and DSA encryption algorithms.
- Certificate chains are not supported.
Creating an SSL Certificate
- Log in to the ROMA Connect console. On the Instances page, click View Console of an instance.
- In the navigation pane on the left, choose API Connect > API Policies. On the SSL Certificates tab, click Create SSL Certificate.
- In the displayed dialog box, configure the SSL certificate information.
Table 1 SSL certificate configuration Parameter
Description
Name
Enter an SSL certificate name. Using naming rules facilitates future search.
Scope
Specify the scope to view the SSL certificate.
- Current instance: The SSL certificate can be viewed only in the current instance.
- All: The SSL certificate can be viewed in all instances under the current account.
Content
Enter the SSL certificate content in PEM format.
Open the PEM certificate file in the certificate to upload in text, and copy the certificate content to content.
If the certificate is not in PEM encoding format, convert the format by referring to Converting the Certificate Format to PEM.
Key
Enter the SSL certificate key in PEM format.
Open the KEY/PEM private key file in the certificate to be uploaded in text, and copy the private key to Key.
CA
When two-way authentication is used, a CA certificate is required to verify the client certificate. After configuring a CA certificate, bind an SSL certificate to the independent domain name to enable two-way authentication.
Open (in text mode) the CA certificate file (.pem format) of the certificate to be uploaded and copy the content to CA.
If the certificate is not PEM-coded, convert the format by referring to Converting the Certificate Format to PEM.
- Click OK. The SSL certificate is added.
Replace expired certificates immediately to reduce security risks.
Converting the Certificate Format to PEM
Format |
Converting with OpenSSL |
---|---|
CER/CRT |
Rename the certificate file cert.crt to cert.pem directly. |
PFX |
|
P7B |
|
DER |
|
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot