Tencent Cloud CDN supports the HTTPS acceleration service. You can upload certificates to deploy them or directly deploy certificates hosted in Tencent Cloud SSL Certificate Service to the CDN platform. In this way, you can enable the HTTPS acceleration service to implement encrypted data transfer over the entire network.
Log in to the CDN Console, select Domain Management on the left sidebar, and click Manage on the right of a domain name to access its configuration page. You can find the HTTPS configuration of the specified domain name under the Advanced Configuration tab.
You can access the Certificate Management page on the left sidebar to view all domain names configured with HTTPS acceleration under your account.
On the Certificate Management page, click Configure Certificate and select the acceleration domain name to be configured with a certificate:
.file.myqcloud.com
suffix is the default acceleration domain name of Tencent Cloud COS and can use HTTPS acceleration without configuring any certificates..image.myqcloud.com
suffix domain name is the default acceleration domain name of Tencent Cloud CI and can use HTTPS acceleration without configuring any certificates.If there is an existing certificate in PEM format, you can directly paste its content and private key to the corresponding fields:
In addition to setting the origin-pull mode in the origin server configuration module or when connecting the acceleration domain name, you can also adjust the origin-pull protocol when configuring a certificate. CDN supports the following three origin-pull protocols:
- When configuring follow protocol or HTTPS origin-pull, you need to deploy a valid certificate on the origin server. Otherwise, origin-pull will fail.
- HTTPS origin-pull currently only supports port 443. If you specify another port for the origin server, the configuration will fail.
Click Batch Configuration at the top. You can upload certificates to automatically match domain names for batch configuration.
If there is an existing certificate in PEM format, you can directly paste its content and private key to the corresponding fields:
Based on the uploaded or selected certificate, CDN will automatically match the domain names that allow the configuration. You can select the domain names for configuration as needed:
In addition to setting the origin-pull mode in the origin server configuration module or when connecting the acceleration domain name, you can also adjust the origin-pull protocol in batches when configuring certificates in batches. CDN supports the following three origin-pull protocols:
- After the configurations are submitted in batches, the selected domain names will be deployed with a certificate one by one. If an exception occurs, the list page will display the "Failed to update" status, and the original configuration will continue to take effect.
- If the update fails, you can click Edit on the right to configure it again.
Click Edit on the right of a certificate to update it for the specified domain name. You can also configure certificates in batches again to override the original certificate configurations.
Certificate updates will seamlessly take effect on nodes one by one across the entire network without affecting the HTTPS service in the production environment. You can also click Delete to cancel the HTTPS acceleration service.
Tencent Cloud will send you expiration reminders through SMS, email, and the Message Center 30, 15, and 7 days before the expiration of your certificate and on the day of its expiration. Currently, reminder recipients for SSL certificates can be customized. You can access the Message Subscription page for configuration.
If your acceleration domain name is configured for global acceleration, the configured HTTPS certificate will take effect globally. Currently, the certificates configured for mainland China and outside mainland China must be the same.
If a domain name has different certificates in/outside mainland China, you will see mainland China and outside mainland China tags on the Certificate Management page, which indicate that the domain names with tags have different legacy configurations.
Under the Advanced Configuration tab of the domain name, you can also see two configurations:
If your acceleration domain name has different certificate configurations and you want to change one of the certificates, please submit a ticket for assistance.
Was this page helpful?