You can configure HTTPS certificates for domain names connected to ECDN. ECDN supports configuration of existing certificates or certificates hosted or issued in the SSL Certificates Service Console.
If your application has been migrated to the CDN console, perform these operations there instead; see Content Delivery Network.
Log in to the ECDN Console and click Certificate Management on the left sidebar to enter the list page where you can:
On the domain management page, click Configure Certificate to enter the management page and deploy a certificate in the following steps:
In the Domain Name drop-down list, select the domain name for which to configure a certificate.
The domain name should already have been connected to ECDN, and the domain name status should be activated. Certificates cannot be configured for deactivated or deploying domain names.
After selecting a domain name, you need to configure it with a certificate. ECDN supports configuration of private and Tencent Cloud-hosted certificates. You can choose an appropriate certificate based on your selected domain name. Directions for configuring these two types of certificates are detailed below:
|Certificate Source Type|Configuration Steps|Remarks|
|---|---|---|
|Private certificate|You need to paste certificate content and private key content into the text box and add remarks for certificate identification.|The certificate content must be in PEM format. For more information, please see Private Certificate Configuration Guide.|
|Tencent Cloud-hosted certificate|You can select an appropriate Tencent Cloud-hosted certificate in the certificate drop-down list.|You can log in to the SSL Certificates Service Console to apply for a certificate free of charge or host a private certificate in Tencent Cloud.|
Click Deploy to submit the task. You can view the certificate deployment status on the Certificate Management page.
If your submitted certificate is associated with multiple acceleration domain names, you can manage their certificate configurations in a unified manner through batch deployment in the following steps:
You can select a multi-domain name certificate or wildcard certificate when using batch deployment. For detailed directions, please see Certificate Configuration Steps.
After a certificate is selected, the system will automatically associate the certificate domain name with an ECDN acceleration domain name. You can also filter domain name certificates by their deployment status to quickly select domain names that need to be configured with the certificate.
After the configuration is completed, click Submit. You can then go to the certificate management list to view the certificate configuration status.
- There should be no blank lines between the certificates.
- All certificates are in PEM format.
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
openssl rsa -in old_server_key.pem -out new_server_key.pem
When configuring a private certificate, you may encounter a problem where the certificate chain cannot be completed. In this case, you can paste the CA-issued certificate (in PEM format) after the domain name certificate (in PEM format) to complete the certificate chain. You can also submit a ticket for assistance.
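The format rules above (PEM only, no blank lines between certificates, CA certificate pasted after the domain name certificate) can be checked locally before the chain is pasted into the console. The following is an added example, not part of the ECDN documentation; the helper name check_pem_chain and the sample contents are constructed for illustration. It checks structure only and does not verify signatures or the order of the chain.

```shell
#!/bin/sh
# Added example, not part of the ECDN documentation.
# check_pem_chain is a hypothetical helper name.
# Prints the number of certificates if the file is structurally sound;
# otherwise prints the first problem found and returns 1.
check_pem_chain() {
    awk '
    function fail(msg) { print "invalid: " msg; bad = 1; exit 1 }

    # Stricter than the rule above: any blank line is rejected.
    /^[ \t\r]*$/ { fail("blank line at line " NR) }

    /^-----BEGIN CERTIFICATE-----$/ {
        if (inside) fail("BEGIN inside an open block at line " NR)
        inside = 1; body = 0; next
    }
    /^-----END CERTIFICATE-----$/ {
        if (!inside) fail("END without BEGIN at line " NR)
        if (body == 0) fail("empty certificate block at line " NR)
        inside = 0; count++; next
    }
    {
        # DER, P7B or PFX input, or stray text, ends up here.
        if (!inside) fail("non-PEM data outside a block at line " NR)
        if ($0 !~ "^[A-Za-z0-9+/=]+$") fail("non-base64 data at line " NR)
        body++
    }
    END {
        if (bad) exit 1
        if (inside) { print "invalid: unterminated certificate block"; exit 1 }
        if (count == 0) { print "invalid: no certificate found"; exit 1 }
        print count
    }' "$1"
}

# Constructed sample: two placeholder blocks, not real certificates.
sample=$(mktemp)
printf '%s\n' \
    '-----BEGIN CERTIFICATE-----' 'RG9tYWluQ2VydA==' '-----END CERTIFICATE-----' \
    '-----BEGIN CERTIFICATE-----' 'Q0FDZXJ0' '-----END CERTIFICATE-----' > "$sample"
check_pem_chain "$sample"
rm -f "$sample"
```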
Currently, ECDN only supports certificates in PEM format. Certificates in other formats need to be converted to PEM format first. We recommend using OpenSSL to perform the conversion. The following shows how to convert several common formats to PEM.
The DER format is generally used on Java platforms.
openssl x509 -inform der -in certificate.cer -out certificate.pem
openssl rsa -inform DER -outform PEM -in privatekey.der -out privatekey.pem
The P7B format is generally used on Windows Server and Tomcat.
openssl pkcs7 -print_certs -in incertificat.p7b -out outcertificate.cer
Open outcertificate.cer with a text editor to view the content of the PEM certificate.
The PFX format is generally used on Windows Server.
openssl pkcs12 -in certname.pfx -nokeys -out cert.pem
openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes