HTTPS Configuration

Last updated: 2018-08-21 16:15:18


Overview

HTTPS (Hypertext Transfer Protocol Secure) is a security protocol built on HTTP that encrypts communication and effectively ensures data transmission security. When configuring HTTPS, you need to provide the certificate for your domain. It is then deployed to all CDN nodes across the network so that data transmission is encrypted network-wide.

HTTPS configuration is now fully available.

Configuration Instructions

HTTPS configuration is only available to domains that meet all of the following conditions:

  • The domain status is Deploying or Activated on the "Domain Management" page.
  • The domain is not a COS-synchronized domain with ".file.myqcloud.com" as its suffix.
  • The domain's connection method is Self-owned origin, COS origin or FTP origin.

Log in to the CDN Console and go to the "Domain Management" page. Then click the Manage button to the right of the domain name to enter the management page.

Go to "Advanced Configuration" and find "HTTPS Configuration".

Certificate Types

Tencent Cloud currently supports two certificate deployment methods:

  • Self-owned certificate: Upload your own certificate and private key to CDN for deployment. Transmission is encrypted throughout the process to ensure the security of your certificate.
  • Tencent Cloud-hosted certificate: You can go to SSL Certificate Management and entrust your certificate to Tencent Cloud so that it can be used with multiple cloud products. You can also apply for a Free Certificate provided by TrustAsia through this platform and deploy it directly to CDN.
  • Tencent Cloud certificate: The original ".qcloudcdn.com" domain suffix belongs to Tencent Cloud and uses a Tencent Cloud certificate. The entrance for adding this certificate has been closed.

Certificate Management

Go to the Certificate Management page to add, modify or delete certificates. For more information, refer to Certificate Management Instructions.

Forced HTTPS

The Forced Redirect button appears once the certificate is successfully configured. When it is enabled, any HTTP request made by a user is redirected to HTTPS.

This feature is only available after the HTTPS certificate is successfully configured.

HTTP2.0

If you have already qualified for the HTTP 2.0 closed beta, you can enable HTTP2.0 after finishing the configuration of the HTTPS certificate.

Algorithms supported by HTTPS origin-pull

The algorithms supported by HTTPS origin-pull are shown in the following table (in no particular order):

ECDHE-RSA-AES256-SHA ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES256-GCM-SHA384
SRP-AES-256-CBC-SHA SRP-RSA-AES-256-CBC-SHA SRP-DSS-AES-256-CBC-SHA
DH-RSA-AES256-SHA DH-RSA-AES256-SHA256 DH-RSA-AES256-GCM-SHA384
DH-DSS-AES256-SHA DH-DSS-AES256-SHA256 DH-DSS-AES256-GCM-SHA384
DHE-RSA-AES256-SHA DHE-RSA-AES256-SHA256 DHE-RSA-AES256-GCM-SHA384
DHE-DSS-AES256-SHA DHE-DSS-AES256-SHA256 DHE-DSS-AES256-GCM-SHA384
CAMELLIA256-SHA DH-RSA-CAMELLIA256-SHA DHE-RSA-CAMELLIA256-SHA
PSK-3DES-EDE-CBC-SHA DH-DSS-CAMELLIA256-SHA DHE-DSS-CAMELLIA256-SHA
ECDH-RSA-AES256-SHA ECDH-RSA-AES256-SHA384 ECDH-RSA-AES256-GCM-SHA384
ECDH-ECDSA-AES256-SHA ECDH-ECDSA-AES256-SHA384 ECDH-ECDSA-AES256-GCM-SHA384
AES256-SHA AES256-SHA256 AES256-GCM-SHA384
ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES128-GCM-SHA256
SRP-AES-128-CBC-SHA SRP-RSA-AES-128-CBC-SHA SRP-DSS-AES-128-CBC-SHA
DH-RSA-AES128-SHA DH-RSA-AES128-SHA256 DH-RSA-AES128-GCM-SHA256
DH-DSS-AES128-SHA DH-DSS-AES128-SHA256 DH-DSS-AES128-GCM-SHA256
DHE-RSA-AES128-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES128-GCM-SHA256
DHE-DSS-AES128-SHA DHE-DSS-AES128-SHA256 DHE-DSS-AES128-GCM-SHA256
ECDH-RSA-AES128-SHA ECDH-RSA-AES128-SHA256 ECDH-RSA-AES128-GCM-SHA256
ECDH-ECDSA-AES128-SHA ECDH-ECDSA-AES128-SHA256 ECDH-ECDSA-AES128-GCM-SHA256
CAMELLIA128-SHA DH-RSA-CAMELLIA128-SHA DHE-RSA-CAMELLIA128-SHA
PSK-RC4-SHA DH-DSS-CAMELLIA128-SHA DHE-DSS-CAMELLIA128-SHA
AES128-SHA AES128-SHA256 AES128-GCM-SHA256
SEED-SHA DH-RSA-SEED-SHA DH-DSS-SEED-SHA
DES-CBC3-SHA DHE-RSA-SEED-SHA DHE-DSS-SEED-SHA
IDEA-CBC-SHA PSK-AES256-CBC-SHA PSK-AES128-CBC-SHA
EDH-RSA-DES-CBC3-SHA ECDH-RSA-DES-CBC3-SHA ECDHE-RSA-DES-CBC3-SHA
EDH-DSS-DES-CBC3-SHA ECDH-ECDSA-DES-CBC3-SHA ECDHE-ECDSA-DES-CBC3-SHA
RC4-SHA ECDH-RSA-RC4-SHA ECDHE-RSA-RC4-SHA
RC4-MD5 ECDH-ECDSA-RC4-SHA ECDHE-ECDSA-RC4-SHA
SRP-3DES-EDE-CBC-SHA SRP-RSA-3DES-EDE-CBC-SHA SRP-DSS-3DES-EDE-CBC-SHA
DH-DSS-DES-CBC3-SHA DH-RSA-DES-CBC3-SHA -
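
The table above includes RC4, 3DES and suites without forward secrecy, so which suite is actually negotiated on origin-pull depends on what the origin server accepts. The following is an added example, not Tencent Cloud code: it intersects an origin's accepted suites with the table and flags the shared ones that carry findings. The suite list is a subset of the table, and ORIGIN_SAMPLE, the function names and the classification rules are assumptions of this example.

```python
import re

# Subset of the origin-pull suites from the table above (OpenSSL-style names).
CDN_ORIGIN_PULL = """
ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256
DHE-RSA-AES256-GCM-SHA384 ECDH-RSA-AES256-GCM-SHA384 AES256-GCM-SHA384
AES128-SHA DES-CBC3-SHA ECDHE-RSA-DES-CBC3-SHA PSK-3DES-EDE-CBC-SHA
RC4-SHA RC4-MD5 ECDHE-RSA-RC4-SHA SEED-SHA IDEA-CBC-SHA
""".split()

# Constructed sample: suites an origin server is configured to accept,
# in its own preference order (not taken from the page).
ORIGIN_SAMPLE = ["ECDHE-RSA-CHACHA20-POLY1305", "ECDHE-RSA-AES128-GCM-SHA256",
                 "AES128-SHA", "DES-CBC3-SHA"]

LEGACY_CIPHER = re.compile(r"RC4|3DES|DES-CBC3|SEED|IDEA")
EPHEMERAL_KX = ("ECDHE-", "DHE-", "EDH-")  # static DH-/ECDH- and plain RSA excluded


def classify(suite):
    """Return the findings for one suite name; an empty list means none."""
    findings = []
    if LEGACY_CIPHER.search(suite):
        findings.append("legacy-cipher")
    if suite.endswith("-MD5"):
        findings.append("md5-mac")
    if not suite.startswith(EPHEMERAL_KX):
        findings.append("no-forward-secrecy")
    if "GCM" not in suite and "CHACHA20" not in suite:
        findings.append("no-aead")
    return findings


def audit_origin(origin_suites, cdn_suites=CDN_ORIGIN_PULL):
    """Split the suites both sides support into clean and flagged ones."""
    supported = set(cdn_suites)
    shared = [s for s in origin_suites if s in supported]
    clean = [s for s in shared if not classify(s)]
    flagged = {s: classify(s) for s in shared if classify(s)}
    return clean, flagged


if __name__ == "__main__":
    clean, flagged = audit_origin(ORIGIN_SAMPLE)
    print("negotiable without findings:", clean)
    for suite, findings in flagged.items():
        print(f"{suite}: {', '.join(findings)}")
```

An origin whose clean list is empty can only be reached over a flagged suite; removing the flagged suites from the origin's configuration leaves the clean ones as the only negotiable options.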