The HTTPS protocol is a network protocol built based on the SSL and HTTP protocols for encrypted transfer and authentication, which is more secure than the HTTP protocol. If you want to enable HTTPS acceleration, you can do so by enabling the HTTPS feature for the playback domain name and configuring a correct and valid certificate. You can purchase a certificate from Tencent Cloud SSL Certificate Service. If you already have one, you can upload it to the CSS console for configuration. Currently, CSS only supports the PEM format. If your certificate is in another format, you need to convert it to PEM format first. The format requirements and configuration method for the certificate are as follows:
Certificate Source | Required Configuration Items |
---|---|
Self-owned certificate |
|
Tencent Cloud-hosted certificate | Certificate List: select an uploaded certificate in SSL Certificate Service. |
A certificate provided by the CA includes Apache, IIS, Nginx, and Tomcat files. The encryption service of CSS uses Nginx, so you should select the content of the Nginx files for the configuration.
Go to SSL Certificate Service console > Certificate Management, select the target certificate, click Download in the "Operation" column, and decompress the downloaded package to get the following files:
-----BEGIN CERTIFICATE-----
and -----END CERTIFICATE-----
in the .crt
file for Nginx.Sample content:
Note:If your certificate is issued by an intermediate CA and contains multiple certificates, the certificate content should be spliced as follows:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
and -----END RSA PRIVATE KEY-----
in the .key
file for Nginx.Sample content:
The HTTPS configuration will take effect in about 2 hours. Please visit the domain name about 2 hours after the certificate is submitted. If HTTPS is displayed in the address bar of the browser, the configuration is successful.
The HTTPS feature can be enabled and disabled. Once it is disabled, CSS will no longer provide HTTPS service for the domain name. If the certificate has expired, it should be replaced with a new valid one.
Was this page helpful?